da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258

Analysis

max time kernel
149s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
10-07-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

python-3.12.4-amd64 (3).exe
Size

25.5MB
MD5

f3df1be26cc7cbd8252ab5632b62d740
SHA1

3b1f54802b4cb8c02d1eb78fc79f95f91e8e49e4
SHA256

da5809df5cb05200b3a528a186f39b7d6186376ce051b0a393f1ddf67c995258
SHA512

2f9a11ffae6d9f1ed76bf816f28812fcba71f87080b0c92e52bfccb46243118c5803a7e25dd78003ca7d66501bfcdce8ff7c691c63c0038b0d409ca3842dcc89
SSDEEP

786432:zRd0l0X/46+nq1rcVqA5Z2bQcLsv0GlYrJF55e2nRk:L5P46+q1QTILMKB5e2nRk

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Executes dropped EXE 1 IoCs

Processes:

python-3.12.4-amd64 (3).exe

pid process

4948 python-3.12.4-amd64 (3).exe
Loads dropped DLL 1 IoCs

Processes:

python-3.12.4-amd64 (3).exe

pid process

4948 python-3.12.4-amd64 (3).exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

pid	process
4948	python-3.12.4-amd64 (3).exe

pid	process
4948	python-3.12.4-amd64 (3).exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133651097966579881"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

taskmgr.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings taskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
2228	chrome.exe
2228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2228 chrome.exe
2228 chrome.exe
2228 chrome.exe
2228 chrome.exe

pid	process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3732	taskmgr.exe
Token: SeSystemProfilePrivilege	3732	taskmgr.exe
Token: SeCreateGlobalPrivilege	3732	taskmgr.exe
Token: 33	3732	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3732	taskmgr.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
3732	taskmgr.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

python-3.12.4-amd64 (3).exechrome.exe

description	pid	process	target process
PID 2860 wrote to memory of 4948	2860	python-3.12.4-amd64 (3).exe	python-3.12.4-amd64 (3).exe
PID 2860 wrote to memory of 4948	2860	python-3.12.4-amd64 (3).exe	python-3.12.4-amd64 (3).exe
PID 2860 wrote to memory of 4948	2860	python-3.12.4-amd64 (3).exe	python-3.12.4-amd64 (3).exe
PID 2228 wrote to memory of 4952	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 4952	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 664	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 3564	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 3564	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe
PID 2228 wrote to memory of 1000	2228	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64 (3).exe
"C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64 (3).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2860

C:\Windows\Temp\{A7CA09F9-EA9F-4811-80DD-B918F3B9AFCD}\.cr\python-3.12.4-amd64 (3).exe
"C:\Windows\Temp\{A7CA09F9-EA9F-4811-80DD-B918F3B9AFCD}\.cr\python-3.12.4-amd64 (3).exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\python-3.12.4-amd64 (3).exe" -burn.filehandle.attached=556 -burn.filehandle.self=564
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4948

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1ae4cc40,0x7ffd1ae4cc4c,0x7ffd1ae4cc58
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1716,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1712 /prefetch:2
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
2⤵
PID:3564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2208 /prefetch:8
2⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3644,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4596,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4288,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4772 /prefetch:8
2⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,8537163834880902740,7519107255689107773,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4828 /prefetch:8
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2852

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\182c4c43-528d-40f6-a195-24b3263bb73a.tmp
Filesize
9KB

MD5
84204089b163131bd7f9d33381fa5389

SHA1
bdb61016a476e776146f8244a21dd3a1ac0a41a7

SHA256
3441d87cae98357d9dfea9d8e2d2002d5421b7f5e44b16136da49115f1867292

SHA512
12235dc534212fc2447e87c1fe2f4b706bc83e093c8357f4cd368b5fd848d503b7a8052b66aa47ecbc25b2d309fa874b12700fad808c58deea778f5456ab9677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
787d48d0a7096a8b18284f89257922ab

SHA1
c44abedeac2064a1eedf6b4f2175e98b3d2ec4cc

SHA256
23ee52e03343843e183e56fe2f562594fed33efb216e32bae48a71f4c5b12598

SHA512
30633edb6f825897d0e468e382afb3f18e4a81c7b6a88ae5bb78056a91077654942b333850533841f10a6dba4322424679b0281be2a3d24423c3f8643a6e5a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
d9232a4c5fcb331d2ee09da4e1515b1f

SHA1
929fbaacfa78395987069ac2fc35e2b0e9c480cc

SHA256
9ff668558974d840b99e22b770ce285a55bd73b34a9e83514e027061b0be76ed

SHA512
341cccce33238b0fb8369dd665c0e6431aacb6c05fcf3bcd7a1726a1d1d2e6e78d8482099e8a1c1a53fb415e5d1b049451dd573b61b5814a27565ace62c50567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5bd06cbf3f286178a6f7d9a040041495

SHA1
5bb725976ff412017efd8ebff36f13351b79fb72

SHA256
1c204334efe0eb8bb54d379fc0d1d20f90de92ca364681c3e5a9650195f0c1bd

SHA512
2781110f8e4d80b17d7fa38e73db8da89fa23305039e370e9753f8eed8a04d597f5007b1d5144a9b1180e12df8dc48726eac883a41458b6e4562bb270998ea32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
d1130b9ee90ea98ca263d9511a88d19e

SHA1
6084e644a52f2da45f4d200b2b47ab0fdbba5eb4

SHA256
8b64283504c90e4cb805fc70e32a21985b45bf4971636506862baf8ea530f1b0

SHA512
a59ee952dc2b50a2f52fb0948a2c739e95755fb4c4fceaf6fc0e4429982373874be76a002c07d53483922e833f4110c05dc3152591d15be5cddd444f1b1c6b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
011046cb5281b59feb59a07297a9092a

SHA1
a599c208b33435c55251bec60e039c34878daadd

SHA256
ebdcf820cf96dd982c3d4260adbdb31f872eb1d2db2b0ec12b87dc9ff9c2ed6a

SHA512
a39a561e6bcc8575d98875824c281acb6d3c4b3f1fc9d60e8ee2012b7000009e5da7025b56ebb2b89e6c9626c3f0374da97fe5aadb38b13840475962ee6d9c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
60189263cc34ce955cb1792b6119aba0

SHA1
43b9c8c0af91d5914294325a96583943ecefabaa

SHA256
7bf686684b837ede94b93a1db79083f647da987b8c20d7a961ff8c2141872d26

SHA512
344438fd5b3ee60a1335fd84b758d73ce37329722016785898ed271455efe84deac7bfb2377cddcf6b940384620eebcd1edde58771452028512c8f2dc6a95da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f41283735f7c1a2d61ce03b1bf53c372

SHA1
d7534a1de9213af3919aa0904466fdbcbf3a10d2

SHA256
441bdab0e7c82b55c71aae5907642b00aa70e7f648eda6941c7c0a6a61f8984f

SHA512
59521b1fa8eb4c1d9954513c0705dfdbcdbc1fcaec13aeadd9e39805b053d73748bbee6fa13216cf85d909abed54a3e07843e2758d933786bdd48cdfa21f1f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f646ed4710b57c282c42749d719a4d70

SHA1
bc2e6fdf7d064a0d686ff2995572569e6f979e53

SHA256
7eb2885cd7e017040f3a11a96b095f62cceb188bfe3385487f4627dec137e4c0

SHA512
950213ddbaac3794afba18f723e3921485d160876d2e1b307325559b8b8941468a2a2e9347ae6ce79bc5fd96af8f40cde655743c0acd3ed647aac7c4aec8a8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
d5ebec376e56b5459e6aa85cdfabebcc

SHA1
541a98eb80f7ff07d1c1904ee04fda0b47d29a23

SHA256
0e484abce81dc9b73f67315d040f5666d94e25f97600eeddf5b78c5c49a6f7b2

SHA512
76fa571708a36e06c11ebc118aa241495fdfb182b6aea222cedef319edd7a7d5e74000bd921113514563cc49d4301314f0288df06ce1628214780cd3b5257234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7a61f5da3ff498961605534e0087443c

SHA1
ce04b54daded4cf6f392d41758ae5b97c51ba058

SHA256
f565281cd51cb1662a2147d7e930029e2cd8aa335c2f0c93957e0194d23aeac7

SHA512
f093011ea46ae1331b46c7b06cd4e1318f72067fa2fb301b8504951a37623de331691a54a698279720de71602f7728134d4fbb8af49b901f66b9c4824c8db059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
97f1682dd64e2ae61bc3ee7c9b96d659

SHA1
a8720f67487cc41a56c92d247ef0c7fbd1f76893

SHA256
52456681e8ab661f1c4671d414612c1c0fb2a8d4234bf5bfea44d5d43b923a03

SHA512
fe9eee383525267d29c363cf18e6c35da6fa8a90fe0d151a8f1337bdd794d4544b896fab9413e74667af77df46ef79044e465240078fe98f1fad39116f7ac6d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
3e6953c4a47b1830b3a1070fd73bc3ee

SHA1
b682062bf335aba582dbe8817f3b953d23ff4283

SHA256
9eff3398e4587761f8b2830f6b2665fc0ce24efe5a7fa7be0fe3fe4472d2dfd9

SHA512
0e85abbe374e459c85b8a1d69f9439edc76650f5f5ab2791ad44ad88cf749eac0c7fbeb32d44108c4df83e64805134dd28afc5251c7f8f6c363a570d08467076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
92KB

MD5
468198a70909f23a83e81f4169a7f590

SHA1
b9a1263d4dbdc222eb21ce902ec355feebbea0d3

SHA256
4a4c7fceefbc3ae71dffcfec358f37f645e115ad10be63b0ace440ef473a2a29

SHA512
9b5aafc61a863465bc8a310e98119633280e191f967901c8d503790a29328ca3f2cab0f63a8b86032fdeffb0fdc859e70d1cf1d9f808309bac40b509bcd3abf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
92KB

MD5
958b8c815e5c2ada921f49c1b453e95d

SHA1
4e03ba99eec74d4ac2c09bceb521b8b043d4651f

SHA256
fc02a20de735a2c10633571b9c2ac4b0d76033f0a656a70167a11d6539bc696e

SHA512
64b8c72f13d2fa33f1a8f711bd4c19f9687a7d8da63bd68c72dd5bcbf497509ca8153c07b76694e7f5837e1690a823225ade2dbf3844ca826c6ea126a0c6c9a3

Download Submit
C:\Windows\Temp\{A7CA09F9-EA9F-4811-80DD-B918F3B9AFCD}\.cr\python-3.12.4-amd64 (3).exe
Filesize
858KB

MD5
504fdaeaa19b2055ffc58d23f830e104

SHA1
7071c8189d1ecd09173111f9787888723040433f

SHA256
8f211f3b8af3a2e6fd4aff1ac27a1ad9cd9737524e016b2e3bfc689dfdad95fb

SHA512
01aa983cbddfe38e69f381e8f8e66988273ef453b095012f9c0eeae01d39e32deb0e6fb369363cbb5e387485be33a53ac3ec16d3de1f42bb2cde0cfa05ceb366

Download Submit
C:\Windows\Temp\{FCB40B69-26BC-4CFD-B093-1EBF4210F247}\.ba\PythonBA.dll
Filesize
675KB

MD5
e58bf4439057b22e6db8735be19d61ad

SHA1
415e148ecf78754a72de761d88825366aaf7afa1

SHA256
e3d3f38fd9a32720db3a65180857497d9064cffe0a54911c96b6138a17199058

SHA512
8d3523a12ee82123a17e73e507d42ae3248bd5c0aa697d5a379e61b965781bd83c0c97de41104b494b1f3b42127ab4b48ac9a071d5194a75c2af107016fc8c9c

Download Submit
C:\Windows\Temp\{FCB40B69-26BC-4CFD-B093-1EBF4210F247}\.ba\SideBar.png
Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
memory/3732-66-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-65-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-64-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-67-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-63-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-56-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-57-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-55-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-62-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download
memory/3732-61-0x000001F565670000-0x000001F565671000-memory.dmp

Filesize
4KB

Download