Analysis Overview
SHA256
9a19ccd8eed0a74fc973cae1023cf0436813f9aa16279761a03c0ad5415c1f85
Threat Level: Likely malicious
The file sample was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 19:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 19:17
Reported
2024-11-09 19:47
Platform
win7-20240903-en
Max time kernel
1062s
Max time network
1688s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\python-3.13.0-amd64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\python-3.13.0-amd64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\python-3.13.0-amd64.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef72b9758,0x7fef72b9768,0x7fef72b9778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1424 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2104 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2112 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1384 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3040 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3384 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3980 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3048 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2356 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2000 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1600 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4124 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4192 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4184 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4368 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Users\Admin\Downloads\python-3.13.0-amd64.exe
"C:\Users\Admin\Downloads\python-3.13.0-amd64.exe"
C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe
"C:\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.13.0-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1288,i,10350430663250886864,13986829496186055005,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.169.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 172.217.169.74:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 142.250.187.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | python.org | udp |
| US | 151.101.0.223:443 | python.org | tcp |
| US | 151.101.0.223:443 | python.org | tcp |
| US | 8.8.8.8:53 | www.python.org | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 172.217.169.42:443 | ajax.googleapis.com | tcp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| GB | 172.217.169.42:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | media.ethicalads.io | udp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 104.26.4.62:443 | media.ethicalads.io | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | console.python.org | udp |
| US | 8.8.8.8:53 | 2p66nmmycsj3.statuspage.io | udp |
| US | 159.89.245.108:443 | console.python.org | tcp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | udp |
| NL | 18.239.94.73:443 | 2p66nmmycsj3.statuspage.io | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.83.98:80 | crt.rootg2.amazontrust.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | udp |
Files
\??\pipe\crashpad_576_NGGMMNJRATDABXVN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6bc6f91e2a5c1f3fd5d0c07137567e73 |
| SHA1 | 41127c689363f9263695ade09e453e5787daabab |
| SHA256 | 2a53e59cf6d18a573cc6f57883983818f1ebd15b1e09f7fe53514d70f3162fb1 |
| SHA512 | b6769c628dfed592ea4b7b24ee7cb2c219d47f6445d95a34dd57d834bc270edec28a618281a8e7471538550d8dc914360492c38a47de76fb9aaaafae2999a634 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7f727f38517d5e22178a3c325161bf1d |
| SHA1 | 7eff3d40eb6353a83ee9cf34aef1c9d78a8dc5bb |
| SHA256 | 9f1bd232ac0a230afe3159a3f1c7c939be0965185b671fba297bda5f82c78e06 |
| SHA512 | 076177fc4264baa75909a57bfd88e8f11a26314554934f7315eb73120bc0bfba50f8d50ce3530725a8b699c2c3d5d97ddd419508da05b940b0beff5b876a13ce |
C:\Users\Admin\AppData\Local\Temp\Cab674D.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar676F.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08a576971f3e59306e8efd5966db93b1 |
| SHA1 | 3e1f9ca239c8439025e5a005e3b092a57f05f2ea |
| SHA256 | 4393c787116c1b8c59b15e0ea194e25f11141669b3b9705da064f2fe7cd034c0 |
| SHA512 | 5912eb6f350bcb37cc058eeaaa5e1ada70f1ffe9b7e2d00ecab3f0592c4437efab2302691f2a1feb381a6720abbc7caac60b47a7901e22246750620407b533c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4656de780cbce372999841000430df98 |
| SHA1 | a4b651000b74882728712595916c2abb6bd45cb2 |
| SHA256 | dafdd443428d0f0dcba2cef50dd736e05e76eae0c1e2d8fe78c287062dc12e53 |
| SHA512 | 555a80a7cae13378e707fda15598bf5e01c44bf50a1d07a0db8db57ac3992f82ab9dde15b1fed31606e67ecffb6c104caa168be90d6f3838c0801adb6a1990a7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c652654db7f581f7362f376e9417420e |
| SHA1 | d737dbedde0e7ad68cddddcd62e6cdb6063eb434 |
| SHA256 | f2e2632a97a72191a7695fa137af7ef61d8d81d97b0e50e93edca032c8f7e417 |
| SHA512 | 953809e42ea201a9f9b4baccb52f354900c358ccbdf6794d25bc24a954793cb9f391799cfc65283eaa28c15263f5d7e839c18bb1bdbff1fa2a39b1a430c46aef |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 414e6356881b624bdd2964a3044291e0 |
| SHA1 | b54763bbb18bd4dd2841ca89057457f3f505b596 |
| SHA256 | ff360ef36383f3874782626ff72f438a7ea7d5067c56d5743400511bc7a7e45d |
| SHA512 | 3d14377f2bf692fc5b633ea6e21c3d75871a4f265dea0a6fc2e2088a9175ea2db86ca291969de45ee53473b4166b6d3dbbb3c66d90826a97adaba8e7393888eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bf1f07767cfa4e9528d682ab26f9edd |
| SHA1 | fb59927e893ea86ca8465e4e1f2d93e8aae40e4c |
| SHA256 | 0fb8bc8abbc1108ee543ae409237b1e9abcedacedd14363ba64acd6d76a85ff0 |
| SHA512 | 015261a2ecb6e357ea27586346f14a5b5cccc2feb0fce8b0e38f4ed1622d22b49cae1d7f45916d5457d4949ed2e7331a80daa1988a05441e0d7bc87ef67c2a6f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7b7c2d8ff33b467831cf4ff656aeee52 |
| SHA1 | bfbe44c5636fa5d401a6dffdb4f1ee661b05de99 |
| SHA256 | 50d60055137ccc061e15f1c165896210877fdb13d715c7ca14722debd5662c91 |
| SHA512 | c47296cad04a5870b16f11696e2cecbc4a40e069c49675a8160c86c603a876a27cada2bd694bb1a66d8bc51b7b92e5ef59f0ad4bd2576378e9d64be57095f466 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | acf40ac16dddb1ce7ca1ce199ecf1e5e |
| SHA1 | 0563d6a9202ec815f9818c5684473e84ce7d171f |
| SHA256 | 84bbdbb8010e3b7d2e9d7223c3399967e0f517351c1522fe4b34878508a01a74 |
| SHA512 | 81d3cd7e6c0e9be1880249d05bbcd6a7ccacd2c59e51b9c353fbc483cc4f4c00a98051ccc5028c6637d6424e8504d669629a9a266d295c63e68998d8f06c7b24 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 373efce4605a41849d4c320fc6be6b2a |
| SHA1 | 0a3326714d3377bedcc2c28732cfd50156a08ac4 |
| SHA256 | 0e2239c16db36a02a72861b5396e8b638e539cd8ca7e80151fdf3ee25c14c873 |
| SHA512 | 9731c9b80e4ada3f94c4c55acac1f14607eac42ca2d0700258a8cd16e1b16c8b52a80588aa42b27d1cad0f83f3dbbff1ac1e901c2d213930efb394002bcdd980 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | deda5214bda941530e0ea7eec527a4ad |
| SHA1 | 32bbcd9362b4a53ca8c7bbecb2c8aa2e5f1e4734 |
| SHA256 | ef5134320830c4c70139b1c6b1ce92f16d94acc10fd630afd588327b4388333c |
| SHA512 | c959ece5984f2df4559be9c063aca0bf7d8aede985742c24314ba2bdd4bd4d79b220d5e8b67e1c96ce83f4815326bd0f4e763e14894f1f73210712d82b36f757 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8b3346a6c1e662e38244f110b64b3e0a |
| SHA1 | b2a750c908a8a6ab9656a6cb95b033d061bd4b1e |
| SHA256 | be7284159826b9f84a1f17cf54b86e0e064c2a9c710063a537ee6b1d6b994718 |
| SHA512 | e9e006b756b1983310945dc883bcb7e0a26c15e498e86bb5f7cd7eb33aba84c405bfafc9f0bee62b2d9d426f978bffd7d1ce81a685d1ae8c58f23cbb7e02b148 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c46107537faa86a28398ad43e1526bca |
| SHA1 | f118436a8f23be9658e7f856828092a2454ec75c |
| SHA256 | 80783a9d83571a30cc8fe75f51e3856d0ba50aea7923d405fb96d1e780cb6cf2 |
| SHA512 | 9032b6b75a062e83140160e0f5824d90266a5df90563ab698c645751978151fab7f2fe120cfa77ad0157982a89e4a9ed869b3e4d8d97968ee95d9a24e7607aa4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7168dc6b8cb8631a9d375b993a1f9389 |
| SHA1 | 752cc9925806abbd9484ec8a4fdf5853b1ec1706 |
| SHA256 | 17db10b7fb419dc8a0f809261217d6e01768632429d5c4cccd0ab4036f801cfa |
| SHA512 | a77b155713e43d419656678aec71ca1fe20e75b476dec5480b369731023cc9a658963caba3aadee9a661901dc62257640e807385ecd0618584d32832f5b2e9e6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 08ede945ba30dd303f6b18cf3fa99562 |
| SHA1 | 5dd28e45c1516fe5dd2198e1a67c894688e74b10 |
| SHA256 | b12d80828c43837a4969a56409b038f11ff701e41e790f95971253e50fa22b22 |
| SHA512 | dfd3dcf9dc8c3264825922a5f8db24669d797a87ae8ee3db5a279f52c6b78a9716de6bb353e4adcfe780780b553ab29ac5172bfac6b360d48e74508f2c8b736b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 91f5850bb80cfa289e1492819def929c |
| SHA1 | 8cb5b22f885eadb9aea8226e5b4062a0b51b2a85 |
| SHA256 | 62dbe7a93dfce2af6185f753893530407a29f3e3475fb808dbea3c21f1024d62 |
| SHA512 | 34918f1d4cfde5339ac079d02795d179b5a8ac749a38d0faf292fc1fc29071cb80aed454451dd76bc73629ee61e50ab9e7779180e8f01c9b609e746963576fea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 679c2a650b80397937eceb1898cef34c |
| SHA1 | 024a6ea9ba1b069f0c8dc36ecee0be835e885111 |
| SHA256 | 8b4ea3552e0e9082d7dc3a47e3817a882e14c044a54c9f0ad44fae444e2277f3 |
| SHA512 | c183d8e62e1d54fd4149a0bd5452b69558c3c037c92518ed0256e687d39670915ff7ad1219d4b63567a2244365ef25c3c1be0d1278bddb026296413fb709820a |
C:\Users\Admin\Downloads\python-3.13.0-amd64.exe
| MD5 | f5e5d48ba86586d4bef67bcb3790d339 |
| SHA1 | 118838d3bc5d1a13ce71d8d83de52427b1562124 |
| SHA256 | 78156ad0cf0ec4123bfb5333b40f078596ebf15f2d062a10144863680afbdefc |
| SHA512 | ffaef212d55e3bdd87e79cbfacebc0612ffc1c8c4b495585392746202dce6332383199f0206113ee95ebb4a76d718d0700e1aed9ad518d43b7569a44f0a39427 |
\Windows\Temp\{9C17E7F1-F27D-45D0-88F2-9BBDFDCA356D}\.cr\python-3.13.0-amd64.exe
| MD5 | a9b28dd6caf9f5cef0271e9230fd63a7 |
| SHA1 | 1b83a794bf2f657ac17da5443970f59c255a6bd5 |
| SHA256 | e28657d542725e31c0683557b2125b7f031b17cdd36177dbf030871cba83e10d |
| SHA512 | 4ce57206031fa0e43f14a389f3aac2256002631126020829ff429768faa1c729c0e97b2b90e9934e593ea212cbb370c79587eac165c623680b38784f64a6b931 |
\Windows\Temp\{9551B517-ABD8-44A1-A1B2-3E098CC360AF}\.ba\PythonBA.dll
| MD5 | 9751bbeaa1ccffa70003201b43f727c3 |
| SHA1 | 8a6cedbe54a955ef25477c961679ae7482481b2c |
| SHA256 | b76b8a4ff515ee27ba9da62e64a39b3140fcb35a83d42c5126442c9b4c5d5f59 |
| SHA512 | b9f0474e311635aa13b4c7d234101e2f08206a6853c825bc8772b977427ce7ce33e45b998cf051d5b70148b511c81d8c630b4757c662d0519ffe42bd18f906ad |
C:\Windows\Temp\{9551B517-ABD8-44A1-A1B2-3E098CC360AF}\.ba\SideBar.png
| MD5 | 888eb713a0095756252058c9727e088a |
| SHA1 | c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4 |
| SHA256 | 79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067 |
| SHA512 | 7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c8cbe39307646859195ed324bb950bb7 |
| SHA1 | c124001ee45011873c7743ba88ea5cf6938f8580 |
| SHA256 | 0364f2e05f3b708189eef9269383670ba0847e7c57331b2cc80a5d2d7f518976 |
| SHA512 | 7df407801996e95e116b3e77d54f923d52be5a64b7249e361a9e119f51cd5152ecdb636eb2ccce05012c9773498dc677c807c7990447a696bc4a19a8eaa5d474 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 421cd4bc13b4a9cc1586ecece69d7579 |
| SHA1 | 2b6f8c2843e17a607388129a804bf22c233d0fc2 |
| SHA256 | e5670896d3882761db40e6ff610e844a4b309ce2818740465319243d3c03f0dc |
| SHA512 | 8a27d61d7a4751c4f3202f9f7d4ce82ce716ea238114fe285e80894c4399a0d4c4a74dc2f0bc287e6f665ef9ea0f677c20cdea3d57fd2e4094a1a6f0701d81a7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 691f03f759879def79085b9c0d32055d |
| SHA1 | 70bc5243e883502dccd19edb9d744e587901fa3b |
| SHA256 | a009af33ece46a74d19e003d355323fbc5680ea93802652373504d8ffc81078f |
| SHA512 | 969068b1e176e0d5294921c12946e9c527c44fb604369d30685ac444bb60aee8597f69270c9d1c4b87628ca8fe292a4c67104a7e105936d89398886637ffc68f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | b8b2c22c08c686f3c6cdb2276aaba85a |
| SHA1 | 39fa3740642cdc997e05b3d8ccb3e7a3169c0d55 |
| SHA256 | 731e6ec0c127f070ac495b03b5b04f1d841f0fedaef3650ce1337026cb587ee2 |
| SHA512 | 2464600c1dace112163c0d08a92e379f7233ff281449bc1e59caa8b3acb815635b0ba479d09d7fc2781c2ede689db824d483f4aa139f70554f265b69f2c584fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a318973e26f1a8993dd88d5607aa70f8 |
| SHA1 | ca253cf06591bfc302563904c1f9a7abccdb6410 |
| SHA256 | 4c500166b2efe9880024601032491dd2b0ccc8f32532615f4d081bc3c66daee3 |
| SHA512 | 038c3d6429c20e31c72a2d81e7754b6ac2e8802e49afe04ed2016a23638df180355c85d0888a4ffa050b61effa6efb1fd3af1e581ae97ef88486d88b3f33c038 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1e1223bad578e0f31438ad5154c75e18 |
| SHA1 | 2128b905119bb4af37d16a0b1754fa2f31f42bc3 |
| SHA256 | 7dcc20bf1cd63b3de329e4cc7aeeb50069a943b358c27e69cf101da6404e5204 |
| SHA512 | 7f7834fc2d44e8e81059ce601e3afc473a24bd79b5872d99f8a40544da6b1b651c80909c8e6097455bec06a58f0132ab55e84a4b3fb67030e379bc4679360095 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\050b065a-0adb-45a3-9740-2bee16bff7dc.tmp
| MD5 | 5b2c1067adf7311c007cd4563bebf33a |
| SHA1 | 1d9405911706e49f9ccedc36f4999aefa67e96df |
| SHA256 | c3110e304f93712ab2a1ae6375be4b6830babbcf8dbe356100f45cc1e7b9f9e9 |
| SHA512 | 093d38124b100a7eb20697b33044c10bdf7eb6d43cea9f0f97a8f344a5fafebadd5f3b1c58eb0b4a3495548f2bdb989f8d5ca1370c77c607e6cc3d035e09e819 |