URL:

https://tic-tac-toe2-beige.vercel.app/api/Tictactoe2

Full analysis: https://app.any.run/tasks/5769b2cc-aaca-4576-bddc-273cb702efc4
Verdict: Malicious activity
Analysis date: April 01, 2023, 18:29:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: CB16B9F198658580BC1762312DC7ED8F
SHA1: 578971E9000777BBDE743A7E9F47D0ACA0D59B9C
SHA256: 75EABF3F94A01D9441C2A2C461360D77562C2E1EE249073B58B9408CBBB71738
SSDEEP: 3:N8EaB6dTyL8gEVLTvB:2EahA7B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • cmd.exe (PID: 1020)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 1020)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2700)
    • Manual execution by a user

      • cmd.exe (PID: 1020)
      • notepad.exe (PID: 3544)
    • Create files in a temporary directory

      • iexplore.exe (PID: 2700)
      • iexplore.exe (PID: 876)
      • chrome.exe (PID: 2440)
    • The process checks LSA protection

      • cmd.exe (PID: 1020)
No Malware configuration.
Total processes: 594
Monitored processes: 552
Malicious processes: 1
Suspicious processes: 0

Behavior graph


Process information

PID: 2700
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://tic-tac-toe2-beige.vercel.app/api/Tictactoe2"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll

PID: 876
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2700 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

PID: 3544
CMD: "C:\Windows\System32\NOTEPAD.EXE" C:\Users\admin\Desktop\a.bat
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1020
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\a.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2440
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" https://tic-tac-toe2-beige.vercel.app/api/Tictactoe2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: cmd.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 3221225547
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll

PID: 3012
CMD: timeout 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: timeout - pauses command processing
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll

PID: 3276
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6f28d988,0x6f28d998,0x6f28d9a4
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll

PID: 3748
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,1586682915424520300,1861322446926030818,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll

PID: 3328
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,1586682915424520300,1861322446926030818,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1244 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll

PID: 2776
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,1586682915424520300,1861322446926030818,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 86.0.4240.198
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll

Total events: 160 976
Read events: 156 752
Write events: 4 214
Delete events: 10

Modification events

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Name: NTPDaysSinceLastAutoMigration, Value: 0

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Name: NTPLastLaunchHighDateTime, Value: 30847387

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Name: NextCheckForUpdateHighDateTime, Value: 30847437

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Name: CachePrefix, Value: Cookie:

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Name: CachePrefix, Value: Visited:

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Name: CompatibilityFlags, Value: 0

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: ProxyBypass, Value: 1

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: IntranetName, Value: 1

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: UNCAsIntranet, Value: 1

(PID) Process: (2700) iexplore.exe, Operation: write
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: AutoDetect, Value: 0

Executable files: 0
Suspicious files: 848
Text files: 1 174
Unknown types: 46

Dropped files

PID | Process | Type | Filename (MD5 and SHA256 on the following lines)

876 | iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  MD5: FD12AB1086969616B75C49A67CB8C89C
  SHA256: FA40F1A67EAC65497182AD928907014A1E4AF639556065833C7A14D97CC98E11
876 | iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
  MD5: 38E3FDC70A16E14EFE577F7F3F5587B7
  SHA256: DE05B0CA4B1FF7488C3798662D590A3CCBC62F13C8787DE555CAF1C76E6485EF
876 | iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
  MD5: 0AEFA40C6EFB5911F202497A887DF37F
  SHA256: CB02EE4A4A5A4E73D16ADFFDB6D6F504951A3D0E994EBA377BBBDBE266DE14E9
876 | iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
  MD5: 5B2D8898BAC2728BF0BF09DEA567E461
  SHA256: DBD49300E88362A83611AD6351E44969BB2FF7E24E79BA12A831F9AB308E245B
876 | iexplore.exe | binary | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_D21E2ECA16C426DD4124714500D479F2
  MD5: 99FDFFD98F96F19F2B96A1F9DB38F537
  SHA256: 23334BF0D40D089D1C3D3D6AA1D5534A9DF80756B02A4B9F38E734C78FAF8AB6
876 | iexplore.exe | compressed | C:\Users\admin\AppData\Local\Temp\Low\CabFF61.tmp
  MD5: E71C8443AE0BC2E282C73FAEAD0A6DD3
  SHA256: 95B0A5ACC5BF70D3ABDFD091D0C9F9063AA4FDE65BD34DBF16786082E1992E72
876 | iexplore.exe | cat | C:\Users\admin\AppData\Local\Temp\Low\TarFF62.tmp
  MD5: BE2BEC6E8C5653136D3E72FE53C98AA3
  SHA256: 1919AAB2A820642490169BDC4E88BD1189E22F83E7498BF8EBDFB62EC7D843FD
876 | iexplore.exe | html | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\Tictactoe2[1].htm
  MD5: A1BA8EAE55B81D131F499DA3519BBFBB
  SHA256: 2371069BD438CAA9D1FCE1806E51DA0DDE1D0F59455214C066C9DE07C4AC000B
876 | iexplore.exe | image | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\41eo33HEQRL[1].png
  MD5: CA2DB44C3AF7714696BB866E9FDC4B4D
  SHA256: F14C0E14E3548E50A97A467C50C730D0D7A4758F61D39550EEA0A5347C3A22B6
2700 | iexplore.exe | gmc | C:\Users\admin\AppData\Local\Temp\~DFA21F43753D4E43E7.TMP
  MD5: D2476E7C455361F1D70BA4BAB419CBD1
  SHA256: 9661F782760FD15D7804B31C4B85E15FB3483CBBCE7096CFF2CE8BD586D7B913

HTTP(S) requests: 18
TCP/UDP connections: 52
DNS requests: 28
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | CN | Type | Size | Reputation (URL on the following line)

860 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | US | - | - | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjg0QUFYSnN4MFUtaEQwNDZqVGRkVkFmZw/1.0.6.0_aemomkdncapdnfajjbbcbdebjljbpmpj.crx
876 | iexplore.exe | GET | 200 | 93.184.221.240:80 | US | compressed | 4.70 Kb | whitelisted
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?76ce3b6368335e5d
3328 | chrome.exe | GET | 200 | 34.104.35.123:80 | US | crx | 242 Kb | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUwyMERESEZGVmJnQQ/1.0.0.6_nmmhkkegccagdldgiimedpiccmgmieda.crx
876 | iexplore.exe | GET | 200 | 192.229.221.95:80 | US | der | 471 b | whitelisted
  URL: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAyO4MkNaokViAQGHuJB%2Ba8%3D
876 | iexplore.exe | GET | 200 | 152.199.19.74:80 | US | der | 1.53 Kb | shared
  URL: http://s.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEEsrARXN5cdIGzzd%2Ft4RFp4%3D
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | US | binary | 9.72 Kb | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
860 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | US | - | - | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | US | binary | 12.0 Kb | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | US | binary | 41.8 Kb | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3
860 | svchost.exe | GET | 206 | 34.104.35.123:80 | US | binary | 14.5 Kb | whitelisted
  URL: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac5q25btpqhkjhcekqoslcldvuya_1.3.36.141/ihnlcenocehgdaegdmhbidjhnhdchfmm_1.3.36.141_win_ehzjmd5kjmert7jdgsrj4xqxj4.crx3

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

876 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
876 | iexplore.exe | 76.76.21.164:443 | tic-tac-toe2-beige.vercel.app | AMAZON-02 | US | malicious
2700 | iexplore.exe | 76.76.21.164:443 | tic-tac-toe2-beige.vercel.app | AMAZON-02 | US | malicious
2700 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
876 | iexplore.exe | 23.37.41.57:80 | x1.c.lencr.org | AKAMAI-AS | DE | suspicious
876 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2700 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | EDGECAST | US | whitelisted
876 | iexplore.exe | 152.199.19.74:80 | s.symcd.com | EDGECAST | US | unknown
3328 | chrome.exe | 142.250.186.99:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted
3328 | chrome.exe | 76.76.21.9:443 | tic-tac-toe2-beige.vercel.app | AMAZON-02 | US | malicious

DNS requests

Domain | IP | Reputation

ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
x1.c.lencr.org | 23.37.41.57 | whitelisted
m.media-amazon.com | 143.204.93.84 | whitelisted
s.symcd.com | 152.199.19.74 | shared
ocsp.digicert.com | 192.229.221.95 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted
clientservices.googleapis.com | 142.250.186.99, 142.250.186.131 | whitelisted

Threats

No threats detected
No debug info