Analysis
-
max time kernel
81s -
max time network
83s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
30/03/2025, 21:04
General
-
Target
https://www.mediafire.com/file/zh1io5g5cavqo7l/Rose%2527s_bot.zip/file
Malware Config
Signatures
-
Drops file in Windows directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Command and Scripting Interpreter: JavaScript 1 TTPs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of FindShellTrayWindow 54 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.mediafire.com/file/zh1io5g5cavqo7l/Rose%2527s_bot.zip/file1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x290,0x7ffcd490f208,0x7ffcd490f214,0x7ffcd490f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2368,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=2364 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2424,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=2560 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3468,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5108,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5776,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5920,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5968,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5220,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6048,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6228,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6448,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6848,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6876,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5940,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6836,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6400,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6060,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6636,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5216,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=2792,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5652,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=604,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=5712,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5340,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6304,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7604,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7620,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7688,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8236,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=8252 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7988,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7988,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=8536,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=8556 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7600,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7440,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=7244 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=7152,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3628,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=2248,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=7696 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7692,i,10340877585707358982,17352569062940739046,262144 --variations-seed-version --mojo-platform-channel-handle=8312 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Roses bot\HOW TO INSTALL.txt1⤵
-
C:\Windows\system32\mspaint.exe"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\Roses bot\Rose's bot\ass.png"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Roses bot\Rose's bot\popup.html1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Downloads\Roses bot\Rose's bot\popup.html2⤵
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\Roses bot\Rose's bot\popup.js"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
40KB
MD5291808ec5b45b4f4477c10f029853ea4
SHA12f49fb7ab92a53d8f37e1a89809c5bf6c34b5e8f
SHA256f40a59a07d0926d512e440c0f439a240ce41c08e8f972dd1856dca497c0b88eb
SHA512b0994250eaa10a4e78533e488fd1ebac897778c8fabf39f3dfc18aeb810027b3238ec35b8329a2b84db9b3fdd125b4506431d8ca31e59b772c5fc8dc793964ab
-
Filesize
280B
MD56c3ba40e438b794a4630cfac27b4855f
SHA1255cbd9d9013024a359b4ac1187fd0f39b89f46e
SHA25644150c3a8ecd45408e7bb17ad9cd38d3191e8ffebfb8e09f9c41b8f59620a5b2
SHA512344ad251942b3e6d2844145607029bfd2439cf5518fbc6e0e82fa6bec9f5ff391ecf38025dcddc8158591bd433b767126b2c7d520b7a97389f31aaff63f3188d
-
Filesize
280B
MD576933982b6ac8eca039eed53343688b2
SHA1d803c357e931a5291a1acf598d4ccb4e518dea0e
SHA25699e42525d47915f2d0833593adebb046b0f13a7a1818408e4fe2161b29987a92
SHA5122a6e1932e0bbab92124e7156de7ab6efe0d7cbd7339a8f27b1693a20eef8f48f69503a1149ecfa694d6ffff7f06feeb04a77531cd4e218e4df19be139c563a19
-
Filesize
20KB
MD5c5145c817d971199bcf78f2621e571e3
SHA13778044b0eddb5dcb4868d72b9b519556797130e
SHA256ef77396091aca9aed5e995e0291df2b7808bab74f46475632293ae91d34db43f
SHA5128d0f6b855d289ec67bedaf08d73595f5563764156caeac54833b8b6dec980a5609d399b05379d7c5e023fe2cd56a07553b5266937468ef007a8581daa7046652
-
Filesize
6KB
MD59c61643c57adcc64d4cab3864cb373be
SHA1899f466874bf26614d92983ad08dce5e907dcf48
SHA2565dae11a22d1c2787ed9544ee75b5812deecb871ae1ae5cc063c46d9b0396ab67
SHA512184763cffa8f1108b225558d793db19c9ee7f098cad4cd7da326c5cc47b40a42762cd0f3ee8ad3a92a0dfc7053b8cba93921afd7b560a1a4fa208d004a23c9f5
-
Filesize
3KB
MD5aed5b20e91e33eff1c5326a89fc710f3
SHA1bd2714d2efafad95eca13c833fd0c0013eff309b
SHA25691ca16ec22d3679c6ba33c9ffd760d9c6ee8f6d5175713246b26c7e12507f553
SHA512655165b4c57a1d1f9a6ec371c1f7611fb7d161e83509219caafb100db23ab85873cbd15f88da1d46f726d99644935f8ab056c3d96952c8839ffb142dbbb53974
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
23KB
MD574360c379fa5181610fefa4b98d012db
SHA15890d3a885c26a74ba40746e8ebbeb04489aa866
SHA256e64c654ca92c911c30e7101fa88d1c489e4dba57723c967871bd94d92571ab6f
SHA512437197d02bbf28691204f374c65677d67fba76e5cb4561938e37392ef51b07c12a72b7126f517c79fda127ddd84bebb43ba3a20d536d6e1fc3ed7ede054e848a
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
22KB
MD500d35c1f7b876a88294b843c26f57e6f
SHA1c6b2f175b5186eb5226f887f2380c8c90a884114
SHA2560cb14658b7689425a8d43425304f90bf32be7cc17092c25ad21b9fbc01820725
SHA512d389c834723aefaca070d83280b77c465ebc16e138712f91e78eb97941300881ca71bebad0d2736f5266e901375c6f1d4d47dcd54c04ca54688656660f55f832
-
Filesize
23KB
MD5982ee6cf505e74e04bb65d8a8bd5ea9a
SHA13c154c54ba8a498bdc9a4f9e262c39be3174dd49
SHA256aa1a88cb0ce59f7b6d2ceb8ea3845aa944a11c845ee8e4c6de6d410903ba2984
SHA51257730efc8e217216930341a2c41e635d903a49eb19f14cb7584bcaeb6c45582f75bbb51c9a4e83a2ff9bdacdcb14666122f10c3dca6f105ec2816587ffed677e
-
Filesize
36KB
MD59c644ac2ac136b626a5b84f5819b765e
SHA1645b4408ba1a96822a26ec7518490660cfa79788
SHA256e4d3f7cc37566271fdb3d42ada61af2eda60bcdafecbf0e9bfd1d241d9041e34
SHA512069e008028df2a65f4bf00bd1555e00b3aaeadeaea86fdae3dd40c84dce43755967dcafd6000d7c3ce84fcbff89b8f6183c28118506b6e3a385547245871ff22
-
Filesize
72B
MD52fdf7b469113743f588060778f818ab4
SHA18ebe9580017f0711dc004991b5cddf12084a03e0
SHA2566842f3b8e52bf9bd76908d3f5d70de7ed8adbab451462375cac525bf27c5aa32
SHA5128880bd8dd7ab71f73eab5cf9d8e45cf2ae402f11354e7d0f2dc61a3567adcfb88559ec73fe87dac327ddaeecb9ffca6b1b24e9060dd0db87eb386df2dc721e04
-
Filesize
48B
MD5dfe6024a23667097be3ede068d6f194f
SHA1d129b7e453a584aaeed6947f298da165dc0b363b
SHA2566d0f401121979a6a8ed220f09cbf79a09b14dfe36ac51def23aae811e1fd0b22
SHA5129d10a7ce52a3e0cf92be8b3ae920e287401622995604698667368885f78ada4efc87bda5f9e3504ac4452175347b9d1c9493abe9edccb9c4096f745cf93bc763
-
Filesize
22KB
MD58403fd1943e4783ffb503f2cdd7e650b
SHA1cfedcc558276f2049d3c1f88cf6d5174e6ed27ab
SHA25633667ffaa549d0351cedafdb1b7f7cb26a85a63d9d33c310062bac19f3611fb7
SHA51211a194d2f66d7358c8002c27936c33877a410246e22883081b544312a71713577021547d12e7ff6ed7d80d316e089afe50e866043b0d93efea72c4182518698a
-
Filesize
467B
MD5204acd187884e16c559df29a8bfa6160
SHA1ae12dd50b156af57b9c10014c38598b65e8aa1a3
SHA25613b666f504bd02561cb4be4503d673de02dec30e609b50be449c1f13e962405e
SHA512a4707c25d7c4eca7759108e9f6c22450b3bfdda04075e23f8f530f5545c05d1a05e84e4a26d5615048b1eaa18c6fb2c3d11de0d5c5e3b7b12e38bb620085cc18
-
Filesize
23KB
MD551569faa680f6d7d0b44b8ca6a18b969
SHA15d2e37bc3481e0904e4815ed98a83950c479b439
SHA256febf98c4dbc356f75500174bfaf25b448f05a96edac711cbacc25a9842d75ea4
SHA512340dcb977c0b79a74b7f6f6bb85eff6e58eb4e94f7502885e73993ff56ba67f115f34b6011aee597dd444265e94cc7ce20287e2c5cd0479ac6b9fe4709d99ffe
-
Filesize
900B
MD51420e3e78104fb5c9e9e814b8ca061c0
SHA1c93415fc71f1354296fe5f405940af8058f9e600
SHA256b16e29a99f5f8c4ce3bb9e1884c4705ce6b0f91df07a3eb113264ff08e6849b8
SHA5127e681135c80595ed140f7f7fdfbe5ac2acbeb4bfc5282e3ee4d036a826991561a8f6e268e952073cff5b68e16544b19fb10cffdd2c812e910f7bb968bee3e48b
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD5079d3248372596703895476be4b1f97b
SHA17ec8227cf8a4bfdf4e19e4a4f0d691e5bc02de87
SHA256dd96a2328d40ff9382b72589ddd8951aefa47f01dda3c26e3ea882f84852880f
SHA512f31ffd9535c9910eceaee32404001efd56bc9918e5ceec3360384cbcd60c2e350a091b0e51184cdace829914d976181aebc814ae4055e289c96bf0fb00c7cc0c
-
Filesize
50KB
MD5cdbf0b1d24f69e505fc5797854a7f32a
SHA1f817a6361b7e8e3db66bb08ccf8609dc3473372d
SHA2569ecf8dfee90669df1b5adb961c2f26275770ee0a0e0690cf862e2f59ca0f32e6
SHA51279441843d2efc00b1f5a4c762a9b1534f2d60dee3fd5c4b2545affddf3deb0dac4d00b346a4956907ed5ddbac2dd2cfe3591e5bc3470b392961cfd3534d26bce
-
Filesize
50KB
MD51c612a331fa3d90ab7b7420b1ff54069
SHA15870758d9617215af2bcf8145ebc7dfb02598f95
SHA256cdcc83a3b152f1994ec90d3db4b39b03850db29281b700a741229a4d1d1a0697
SHA51210f151874492858849ff313eecbc34580c4503f13e0f2b8b47a63e3da29f36d50c991e12e1e031864c134763b2418094f5c06bbd3079ae422b406d4e5becfb13
-
Filesize
50KB
MD5451de5585f13da4befed384d02777c24
SHA1f72455782ef7a0baec51dda74dbadf6e683ac66c
SHA25659a8fdc9cb074443288b820ce36234bac1b69ef865ef98ba39a1af10b3c24a79
SHA5123c8777fb71349b9cda1c069d65a0132676ff99b7245876ba11e5ba1080ab4876b2c536e8bb7deee47e2cbeaa9df04ffb1fd11a902a457c7dad24565ea296fde8
-
Filesize
392B
MD58b81c3c7275b00a488958bbdf72b5855
SHA14b9015d4774d9e6a93eda8d21ebd83312fe5f597
SHA2568282d366ea617ae9b6daf545d12001ae1b5d4df92eef0bcfd6b9c6d6257f3a00
SHA512e23dd2ef72ab7a440a620f1480631e773a05c6c409b14e12bd05b2afaec0f7419cfa3bf8f0bb08b84a7cd01afafc47214537f2763b87c5ad6f36ffe59f5230a4
-
Filesize
392B
MD5ccde0a93a797e0cc545625726fb2d6c5
SHA1fc36081d2eb28896a85aa00edc49f4baa7846a2b
SHA2565d911eef7a280458887db38a6322b568b0373fb08ed503b9a47a5053624668c7
SHA512a09380cb4e0eda59f68d9a369d97dba9bcc6e646c9dcc24882fe3a32fe3f6d084a0098252b2be3c1bf430bb73ac2b64d050ebb4b98406dcb419a0f1b1c2121ef
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
2KB
MD52c4e1d7cb644c597c8b7f8c93adec8b8
SHA10f374bbc477ad62a5005caa111799bc5d84cfc38
SHA2564ded1f31798e901c5d64631953edf63f8f1a57241cbb20c29519bfa2c773f4cc
SHA512a62b68cd0bcf4177ae4c672801bcb671521efa6a6e2bec0c75acc62aeea5115639c8d57e232b3a5f49a1494943bc39021d717a67002345039d2a0dbe1436a6f4
-
Filesize
977KB
MD570ae7a658cc405c8add2dd05596bde4e
SHA12de415f82a2439671e6adbcac4c988ce66c99831
SHA2566bd88b612c6d6f0b1fa1588e2fc469ea3c08c2bf8adc7d4062917a3fda4cd6c4
SHA5125e7ec77b1d45cfe7fb2731cc02b12cd99ba7846092b15d1e45e4b43773fd4b495789ea0b48f56a7c32261511478e52d6f3512e238b0250d52dcb5f9a986a64b8