Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
90s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 02:31
General
-
Target
UnbelievaBoat-AUTO-main/main.py
-
Size
3KB
-
MD5
797f25c8754061aca934ee7653949f3d
-
SHA1
0d34199e1ab3cdf027d1199cd108fcd394ffef77
-
SHA256
7f0b60b273e7fa44dc079f24d06a95e915df20f37dfac955d19194c0059da93a
-
SHA512
3a188395b635f7e8a0600b34f61b5904ea2e7de48462c39225520f430c1a50cc453b55edcffe921716997acb505d2e01d26bb79df2290d10f83b56c22938fd99
Malware Config
Signatures
-
Downloads MZ/PE file
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 57 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\UnbelievaBoat-AUTO-main\main.py1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\UnbelievaBoat-AUTO-main\main.py"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09582915FD31AB4EF2C9F00E1B76F796 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=417E48201DB7E99F287B54401B10B3C3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=417E48201DB7E99F287B54401B10B3C3 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:14⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22C89C7DD20BFF36C2F8ECF3B3C4567F --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=76037A582D27C0DE00D6BDCE8D5DC605 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6CA6EA7041D86E3AB7D60CE7B31A855C --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff42a646f8,0x7fff42a64708,0x7fff42a647182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4168 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,2344460558604259943,8309320888979934281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"2⤵
-
C:\Windows\Temp\{72AC62B3-274B-4B59-96A9-F6DC55FF2CD4}\.cr\python-3.12.4-amd64.exe"C:\Windows\Temp\{72AC62B3-274B-4B59-96A9-F6DC55FF2CD4}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=556 -burn.filehandle.self=5643⤵
-
-
-
C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"C:\Users\Admin\Downloads\python-3.12.4-amd64.exe"2⤵
-
C:\Windows\Temp\{3CD4BA0B-F8BD-42F5-B4B2-61641E5A7370}\.cr\python-3.12.4-amd64.exe"C:\Windows\Temp\{3CD4BA0B-F8BD-42F5-B4B2-61641E5A7370}\.cr\python-3.12.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.4-amd64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=7203⤵
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD5b4f41f447a83172d6684e2a0f68b93b6
SHA10e9f6850b330a8637e38d650c33ca46ffcda6afe
SHA256b4be98119208cd65e89b12bc273df335fd2338cd3fe500e51c0235db7624c863
SHA5125d48058bd7bbf83b65e2762729aa65a65d77f7d0440cdd05419d4355db65bfd6a5e418e6f82773753d9048b3015922f79fe28fba9ef12d9f0d9592156d97a110
-
Filesize
12KB
MD5b18b686f8e569a7fc1c9aa7b9ab7eb9e
SHA16edd3f4b862e036849d9fbd06a530cf25693fbdd
SHA25627ac3aa2a8543cf24378c773de8ec90026800a5aa91d5cac499673f0e6c135d2
SHA51207a1ea6cf6ed7756144953733c19fba22d01cfc9bece06c9b3b783f3d55b2af392b4e6ad77734662676613b996985940ebf3356cc1ee831600f927d42a072f36
-
Filesize
50KB
MD57f7fffbeafc6785b83a23a24e82b06c4
SHA185ef8731525a25ab74b53146396b4af24962475a
SHA256dbae5cf81f61b520812582cb5350481b9f140dbab735b5f86b81ed0c564bdd7b
SHA5129d1b578ffdef5093c33c850111f210e490c233372f09c89a139158981754a0b662b6b0c1906ec78bb089756d7fba59f00eb3337207147d8640221db7ce370df8
-
Filesize
727B
MD517a3d4000748100d855f3c1f84ac65a0
SHA1fb841cb54341eb80b9560eb33d85f7007ba838d8
SHA256974d6fb19837b6ef7e1a9d0c697db34d9e1180fd17be7d8907643bfbc4036da6
SHA512bfcf618b77142ef555cc335279c90539ba10b779afdd6cc1d4aed519d46b923ec05390685a389a6582b8d226a1fee841d10dacbdc34b9b567d54eebc8f7c2f3c
-
Filesize
404B
MD53f0b85477c928bf2d86b066582a0aca5
SHA1d68e82f2e08d41d7c2997b798eb5ebc2677b7333
SHA256c882e1cc11ebc2c62c2645252e1b879ade1227c5d8a57b392773496887fbfb7b
SHA512c8ccda093a373bee0ab27d796052709c1b237de5eeac529f4abb9abd54f2763bc047a36bc25364be7a35bef6af3a12ed6a6ed063ec516a92eb3afe242a93855a
-
Filesize
152B
MD52915233ace3b11bc8898c958f245aa9a
SHA168c6aa983da303b825d656ac3284081db682f702
SHA256b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e
SHA512e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890
-
Filesize
152B
MD5e1fe3a26bd35b84102bb4203f31e74c7
SHA145fdfa8433789b575eb64e116718e62e0e0cf4a0
SHA25626e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee
SHA512d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd
-
Filesize
1KB
MD59d341b98c56d1576e663d87452362458
SHA100c824a2121004fe49ed266e37a69c6b206af963
SHA2562bd2f5b15f7d5fed2ad920795d5501c9e908321ac3670853e509223e389f30c7
SHA51287f6347b103161165ecfaddd64bf5d1f7a67e91e02fb5721f50f228b3517564f0b6cd176c81c7f0fbd12d32eb920e71f214ee602b9524e2a6a1d037e70af9b46
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2KB
MD51ee117e7a389ac0dba9ebef21dcdeedd
SHA16bd3c313502576f90bda74adcaacb213c7b706b7
SHA256a5aae4303b1af098b849504d7dfe45fe4751317a8b758ae8dd139292b12f0526
SHA512cb7d999ef573b3032ecd4b3b699295ae5a2662f691b3d4c32ed01f54e148f1b743123e67a87ac8c438a83c261c4fe084e0a806f7da43434123a5ce385415822f
-
Filesize
6KB
MD5b196135455228dfc001be255fdb98493
SHA1097e6dd3b76655b1656e2ca36a060b8fdcb067b4
SHA256a2ca7393ea0b2071fb873235bcfd2ba53ac5d9399f975d35da09f42d0b98b799
SHA51292630d60cb3718b47b258a2e35d0a1ba8e6ec77a28aecd9e6291cc16b8986fe995316b36edf111c06376d6b001748adf97115804c106d9d361ad73f9c6fe6dc9
-
Filesize
6KB
MD551d3b84e4ea2d1508cf6780ec6cba3fa
SHA15f59767e6138c56bc7e0c1e1e79098ab94b686bf
SHA256766743800b1a9e346ac7206142d9241c2e28ec29bff31575227a83a0ef7c2684
SHA512b53246db93e354fc1ae7388b6849b71d70420a30bbb90896044f6f5c6c9cc9333436692aa780b31da1347afc0812507a3fb3e4e41515d04ae3aaf59257955fb0
-
Filesize
7KB
MD565b6eb14a02a1ba8a6d00ba8e6e45868
SHA1813a83515a686ecab65f8ea2821bbf7003e6e90e
SHA256d57c3bdb992814e42429598f3a0aeac60c204b3e0646995ee8270d29bc98735b
SHA512948c8f2a275ec5e4c9e7d0ffe5f9d6b61fa9fe34363cc9d9ea3ff30fda695e4e3c5e70d8c07c99a0a9dfc2b50032ec2caff32f81371e5831b185b9104987c777
-
Filesize
7KB
MD592eabc8c635cd1285abf55994d15620d
SHA1e861ded4c2c29022650ff09002b69f4bad9a84a6
SHA256e16d0cf8a8d8c79c50076fc02d635beae6879d42147f7c17174881c0ec31f088
SHA5123d738972b0336e2e2e9f5ee4359e0acf4032b4b030fa4340952144b89f255190b7e9524747d76a817a86bfdcab36fbbf436894d5d077bb99e82fb926c712937a
-
Filesize
1KB
MD5ee8b23aea161a58e81740245386eea9b
SHA14437010a5cdc117d507967ef10b23c2404344f71
SHA256bb41c13381fccff5068b19a3bf20383e9a0c93a30953d9aa8544037161901115
SHA512e0648c5a1c5e12ca1e797b21368cceb6d101ffd71838a5f0b4e158627471b9a0dfe4e0a8c18a5aba220a2f389aa61d7a6af63eb7f2a8e1208d0f117240828120
-
Filesize
536B
MD55df5f94d2192a2b81867a02758496bfe
SHA15ed53002b661a322b4488b92b309da8603b4c3a7
SHA256a1b2741597492758f12be2ea0e41fcf56b732d5c8969d6942c9edf1fab21b16c
SHA512efd00c2aacd058f1d4dc9cb948726d6345318e41a59e18e860ac92b56ee2999b4f7208412c309c346311ee58235c310de0db9a62803de43dcd1ae6e8bf9d8e5f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5c99c5fe5cb3afc37ecc579dc6f968246
SHA1c7d9737338d8b1feb02b71ae522b238561e9d5b8
SHA25655eaecbebe2949e3cf2c15c750e65124023b58b8bf198edbab5aa2615c0b2cee
SHA512b64b262b7b5c6eb9d8828d43865d5c917673cddbf6483ce8f42ea07a1bb6cdb449d2e60b28d8a6f020976c5e3407b195cb13c31288d47fcfceec64d7ecf211a9
-
Filesize
11KB
MD5c8ff6fc6a00c8439fedc5c4d0f2df52f
SHA17c32c206aaa81bdba20188a4f0a643de49e7d005
SHA25640d9f94f870de27f3b40cef4ad80960481285349bfad1fbb730c0b71fe2ca49e
SHA5126eed231986b35d3a43b6e2bd67c34bd2ce34bccfaf32aef6f086a33bb143ca9ac24703f31f65c4ee6a80fd15ee6967b5fdfa30b83335a90f267affca766283c3
-
Filesize
11KB
MD50162605f72a3d0c518a14c9144cf2eef
SHA15508bdb9ff6883a78d8283f47d390e0865085836
SHA256b6cb814fed6ca043f3919c6fdfe25eead8f6633bdba373173f2c2b2b35a9b7ac
SHA5127432717edae32609d03647c9cd71e7fa807ff301e9f4ba4395c25086aa7b4734ba109034bf1c17835b7f4a0e2307b389c2ccc0d13f5a79a6fb51bf8de1b1c056
-
Filesize
5.5MB
MD5d81b5f1043ece3954de5a7c9d7f930f8
SHA19d57a77752e2b54bb6947d92f33c97e37e251008
SHA256190e5bdd4c77c164106728ba1818e5dee4da832ef40884c39deb73fcf3c63a32
SHA51233134875864013c87b7a80338560b1e845c85064a947df0dffe09c5814fe02ad2009885ce0017f7cd0a1b1725b8b6860e8fbd2b2a30b4659b58652114c5478fc
-
Filesize
7.3MB
MD543f337178c43edf715fbdf2e959e15d0
SHA1b353117b01441b63fa40fb65ca07f30d501ef2b6
SHA2564ff22c3f02870389ff042b3014847e8ed2dd49306bb61437967066fd524446d8
SHA512994def9f953d8e33073c04ffb6d5b0e5eac38c7430616823d8cbccdd76f38aad2bd56784526d6bf6385cc385947591b207f095840535e5a477186e0732b9e755
-
Filesize
3.4MB
MD5e6d634b254c818bc36e0359538cb7ace
SHA102ec6b1121223b455b4672f850ca752ec7371c5a
SHA2566a6200c6a8441d667d25c52750b0b7a3e48367c3b6343ed1e0d3edd5e43f8539
SHA5121350dbfbdb2038ae22213cf643904f01150f3b89f226f20fdb72055e03766386464920086ce447c250f13a3a494aeb340626553b5acabedc1c63740c88d53859
-
Filesize
540KB
MD59321731c44fb531cdceaefe14fd13489
SHA1ddfd199d4cbef87439dab4add0ef4980fa272b77
SHA256434f0b25b56b853c26bc04e365aa2eec3563a2d1e83a39b471c18a8cc2ddf5e3
SHA512188712f7f6be4f2f6e381cebcec90e789a3207751bdf1e448ddbde4c77c0bf92a5c4f3556ed9d0dffe99964377aab54004e0176d8cfb7cf30afb526245a7ea61
-
Filesize
1.9MB
MD5922be790a111acce21e21dddb2b346a0
SHA144abc66e873d291d2123fcd54a98471267369ab9
SHA2569e6da1e5d4cfcef4b6c463c2606473cd2a7b1cb3fb428857b39639c73e73ae4a
SHA51236f9403beb2566e048aab3091052d52ac058c2152998ddb28de35b3ac0fd760c8027fbec0ad060d1f872fb79e1782ff35e4debc77e6268b4bffb6b9b8eedadea
-
Filesize
720KB
MD574caed2618cab1c21fdd9746d688cb2a
SHA1fa64f4fb6b82431171b0e725d9fab082f75c13e4
SHA256a2a3db80d4c8d1ee9c52a3620df099ffb5e56eadbba010ac71d94588773e92f4
SHA512d806199e2a5d852695c321ed56a79da6e583e8a877c41a9ef29ca9a76513fa388cc2058e539bc91b701e4de6191871c97fba8689ced14d6013180a3b5dae7b6a
-
Filesize
384KB
MD5229230103408fb024f3b0202aa03b89d
SHA1ac1c74602d0266c354b8aa9d5f80212f169a4e77
SHA25699d874c055615ac8c7012ccaf4b6e12a6b469ddee1d3422d20fccb2041877fd7
SHA5120c11122e94c363b97362eb331d1ef166e37ff55beee90c3bfb9f41cd70c9967ce0099d6d1d5020f5439dd13a71545abb94ccab4148dbd499ecafb191367d416b
-
Filesize
5.3MB
MD512e9ecedd11898d5ab631466857dcbe2
SHA1502c9f232f403f94721f1d0a0f87d2f9baaf5f29
SHA256cb87751ac6ddd7cd61e84ccfb0f5b88fa5dd58e79fefe5b2d64ed0967d6a76a8
SHA5126bf6e681fb55f7578cd1b28284fc06c9c5edc6c0093dc0214949bcdf3624e2598a93bafd200faf020cc3b5840acd60f46290f022036d852195571c6d040e61ca
-
Filesize
1KB
MD59b49261883f7856a103b36a9cba47bdb
SHA1e319631b3e0def25d5f0d87a75a44d15185b37b0
SHA2564e6f1f5c004636640361e92b69d5b53eaed3c1ebaed2c0f3b32d202cca5d416b
SHA512458cd3ef0305f9accc5d0ed77ea8eef8062454cdb1d362e23e9eb2770d18159963bd64e1d059e27156cb030e3f5086f132bd018c071faa2f69f780ea26bf7d80
-
Filesize
2KB
MD54b72ab1067b51c4cdcdd13b33223f489
SHA1d2770b90069b067a1c9761aca6f81e55cc1fb010
SHA2567f40699eb3e8d898af0cd78f94796e280cd59a96026e4a745d6bf7fd00f89ef8
SHA512e70cf3fdaeddd605cd937a4ade4d629d46c07a65d093700d91a869897eb09ce3c6a330a0695497684d1e9977fdb4c7d9ba7778b8c3b12b9199146acd84fa1035
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
1KB
MD551f9a276de36ae96d7be29bf7bc0a237
SHA1b4f8f51223b543bd3bd51cdf41d327d480377189
SHA256755c450e058c90b067a2902e977f65878f72b4661f4dd879b4feb2d9b57685bf
SHA512ed7c044a7da5d91c2dfb0ff623bb84af0cdbcb364967a7a43509dd1620c3640048da0093ccd24fa929ef993541954cd2da55075e103667cbecb7b26ffe69398d
-
Filesize
3KB
MD5522ef1665c01143605c943bae8dec87c
SHA1c4f722d0e3fa2208529b887c030824ea2f22148e
SHA256b76be094feda5b8c5ccf3baa9a44616ac412c3976cca44e005b7039b1bca33e3
SHA5125e0cd99ddec2461d9f50ef9d828b66413b1e01ed80a789856847f79061c566000a476547638c1f578ffc9f3ce2753cf26cf58b539c42b50f3979df859cd097d8
-
Filesize
1KB
MD505bc5b3a4d82535479ee3caadccdaaf1
SHA17b8a28c8f5af59e3bb3b86299002b943f68a29f1
SHA2560995ac45cdffb5c14c2b9d00c0165c05ef666a6409f91229d3ed7371d0df35fc
SHA51223f0ef29861d07cf91dc56620af96dc78f87b737d6b125fdbd84965b1315ca5bfd11339ce8f9084ea979a96afb0ba5ec8569d331b9fa80cbc34dcbb4bc5c79b1
-
Filesize
3KB
MD50b289b399e282cc41bc8b1a6b6d12da3
SHA1f1d9a10a43ba12d14a49da54bf885f83849f3209
SHA256e4886c57c3fb24489e8f5e5e151ac3896938de6b48c55ec588f21ffed414520e
SHA512be06f6db2a85198b8c520fe6e1eeb0f4d5f10a0755c96504afd01c375a8b92aa1712d245fcc795b80d503fe92e18779f24cfdf3410110bfd79e6de8b4e7643c6
-
Filesize
25.5MB
MD5f3df1be26cc7cbd8252ab5632b62d740
SHA13b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
SHA256da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
SHA5122f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
-
Filesize
858KB
MD5504fdaeaa19b2055ffc58d23f830e104
SHA17071c8189d1ecd09173111f9787888723040433f
SHA2568f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb
SHA51201aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366
-
Filesize
268KB
MD579d86625b64b0fcfc62e65612f1d8f48
SHA18980df9ee6574cc2e9e2290d015a42023b8279ea
SHA2560c79f5d2c62a344f0b7ea382d30912addff3fec3a6c8f905dbdc7de6e305d557
SHA5122bcd9d3f8ac3139c946ca182b5697ab88926378e613140ec17d1e2c641fe6708acd3246376047a069282260aeae70fb22f0bee077e0799940ff9cc0fd31ba9ae
-
Filesize
675KB
MD5e58bf4439057b22e6db8735be19d61ad
SHA1415e148ecf78754a72de761d88825366aaf7afa1
SHA256e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058
SHA5128d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c
-
Filesize
50KB
MD5888eb713a0095756252058c9727e088a
SHA1c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4
SHA25679434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067
SHA5127c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0
