Analysis
max time kernel: 150s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20250502-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2025, 05:27

Behavioral task: behavioral1
Sample: main.pyw
Resource: win10v2004-20250502-en

General
Target: main.pyw
Size: 90KB
MD5: 634363e3508dc76dc9df5b57c9835911
SHA1: 73249efd62db5c5b5c19910c1786bff04d09b0ec
SHA256: 8b4dfdc5e60efea6a655ae48430ddb6f3656e6b7a5742a57f4716101a0778bf7
SHA512: ad1b3b8d0b6869c9e7ae38d78410786f75e2fd509b8d4e226ac1330748fa2a533c1f5dc2d6c1d24900b64736b32fb95b52cedf22084da3234bb1b8853bb48def
SSDEEP: 1536:r7YbOOvQ2L2iuKfGmBEJELs/RdKOK6aaXlIAVcnaaU5ufq6lvS17p4LqDE9vfcK9:rkqOvQFmBEJELs/vKO0vu7p4d98K51F
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | chrome.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959941081621832" | chrome.exe

Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000_Classes\Local Settings | OpenWith.exe

Opens file in notepad (likely ransom note) (1 IoCs)
pid | Process
1988 | NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid | Process
4712 | chrome.exe (4 identical entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid | Process
3904 | OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
pid | Process
4712 | chrome.exe (10 identical entries)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeShutdownPrivilege | 4712 | chrome.exe (32 identical entries)
Token: SeCreatePagefilePrivilege | 4712 | chrome.exe (32 identical entries)

Suspicious use of FindShellTrayWindow (26 IoCs)
pid | Process
4712 | chrome.exe (26 identical entries)

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
4712 | chrome.exe (24 identical entries)

Suspicious use of SetWindowsHookEx (21 IoCs)
pid | Process
3904 | OpenWith.exe (21 identical entries)

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3904 wrote to memory of 1988 | 3904 | OpenWith.exe | 89 (2 identical entries)
PID 4712 wrote to memory of 4920 | 4712 | chrome.exe | 97 (2 identical entries)
PID 4712 wrote to memory of 3496 | 4712 | chrome.exe | 98 (30 identical entries)
PID 4712 wrote to memory of 5800 | 4712 | chrome.exe | 99 (2 identical entries)
PID 4712 wrote to memory of 5008 | 4712 | chrome.exe | 100 (28 identical entries)
Processes

C:\Windows\system32\cmd.exe (PID 5700)
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\main.pyw
  - Modifies registry class

C:\Windows\system32\OpenWith.exe (PID 3904)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\NOTEPAD.EXE (PID 1988)
    Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\main.pyw
    - Opens file in notepad (likely ransom note)

C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4712)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4920)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff91e3dcf8,0x7fff91e3dd04,0x7fff91e3dd10

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3496)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1936,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=1932 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5800)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1612,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2176 /prefetch:3

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2408,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=2500 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5304)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3192 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5208)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3228 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5200)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4420 /prefetch:2

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5280)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3940,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=4780 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5960)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5348,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5364 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5936)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5580,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5588 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1612)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5784,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5796 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 224)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5764 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5432)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3268,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3048 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5764)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5652 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4008)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4724,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=6204 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5708)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3300,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3276 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5948)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5420,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=3600 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4428)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5932,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5804 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 472)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3620,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5992 /prefetch:1

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4580)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5804 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5328)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3348,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5808 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3124)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3272,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5880 /prefetch:8

  C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1592)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4440,i,13438404914947591526,16262273225730755959,262144 --variations-seed-version=20250501-050124.630000 --mojo-platform-channel-handle=5884 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe (PID 5708)
  Command line: "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Windows\system32\svchost.exe (PID 1584)
  Command line: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
Network
MITRE ATT&CK Enterprise v16
Downloads