hxxps://github[.]com/mategol/PySilon-malware

Resubmissions

01/02/2024, 21:08

240201-zy471aecb3 6

01/02/2024, 21:07

01/02/2024, 21:05

01/02/2024, 21:01

01/02/2024, 20:57

Analysis

max time kernel
146s
max time network
155s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
01/02/2024, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/mategol/PySilon-malware

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4580	python-3.12.1-amd64.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
86	camo.githubusercontent.com

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	chrome.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512950090999383"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomain = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b67474055255da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f82828055255da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000006a4b9c3684e497c22c45a1be279f406a4a1d20c9d8fe78843946f8921fac8c0c72c6883c6f9398f272d8cc693d6ddefd8cc13a4e29e721493304	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1373"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
840	chrome.exe
840	chrome.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4356	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	220	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	220	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	336	MicrosoftEdge.exe
Token: SeDebugPrivilege	336	MicrosoftEdge.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
336	MicrosoftEdge.exe
3556	MicrosoftEdgeCP.exe
4356	MicrosoftEdgeCP.exe
3556	MicrosoftEdgeCP.exe
5072	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 3556 wrote to memory of 2196	3556	MicrosoftEdgeCP.exe	84
PID 1664 wrote to memory of 3832	1664	chrome.exe	90
PID 1664 wrote to memory of 3832	1664	chrome.exe	90
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 952	1664	chrome.exe	94
PID 1664 wrote to memory of 3960	1664	chrome.exe	92
PID 1664 wrote to memory of 3960	1664	chrome.exe	92
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93
PID 1664 wrote to memory of 2324	1664	chrome.exe	93

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://github.com/mategol/PySilon-malware"
1⤵
PID:2972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:336

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2372

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffaf6059758,0x7ffaf6059768,0x7ffaf6059778
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1712 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:2
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3828 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3832 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5108 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3132 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4312 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4880 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4808 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4504 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3124 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1004 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Users\Admin\Downloads\python-3.12.1-amd64.exe
  "C:\Users\Admin\Downloads\python-3.12.1-amd64.exe"
  2⤵
  - Executes dropped EXE
  PID:4580
- - C:\Windows\Temp\{FCA095CB-F834-49F6-838D-BA4C24AABA31}\.cr\python-3.12.1-amd64.exe
    "C:\Windows\Temp\{FCA095CB-F834-49F6-838D-BA4C24AABA31}\.cr\python-3.12.1-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.12.1-amd64.exe" -burn.filehandle.attached=524 -burn.filehandle.self=532
    3⤵
    PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 --field-trial-handle=1876,i,8407217576509439669,2119926956708315456,131072 /prefetch:8
  2⤵
  PID:3968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4456

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\PySilon-malware-main\PySilon-malware-main\configuration.ini
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\65c9cdb4-b799-439d-9c9c-56afb9d75bc5.tmp

Filesize
234KB

MD5
7966a7c3e67d3ebf07d1b666257c1e35

SHA1
af5931d2aa86a7b14b39e89530ab05a34473f71d

SHA256
31e5ec2ce3425889ead731fe031889130ff9c704d3901b658a319f3efeff907e

SHA512
36687811be85a035e73eb04f914f9348cd48d3a4cf786fbd3e53b400e70954dfac6679d37d25404495653e1542607f78146affee937dbbccac7cb273904d174a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
726d6077802d48de85625ef0613c608e

SHA1
430e1ebaef72ef01337682753ad72b7e51f6a538

SHA256
90bb998e6cedf2f5f3a78b805ff573618f5265058047a4f9346f655ae12a96ef

SHA512
a4b6d4e390acffa59941149f7f8b233760844c287b73444b9b53082393dbcfaed5eeafc0e1027ff99de9691c6a84fa8b8fcff066c6a0b249fced2d2974fcd6a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cc8d57c2a8a935278a1e41c58ff385ee

SHA1
2bc65b2e7768f47dd9ac9fbcaecf7dbcbebf80bd

SHA256
93ab638b4fe707febfe3b2dcae199f93755fe947dbda15749898795de6685cdf

SHA512
13d078ef9f649091a84da635ad400115a3b5aca420e8e791c7f2ce411aae7fee9f4d72b251147dd3331a3d3c1e024465660b6906c8e1d246bde3eafa010a61c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e5cf3b297af5c43c5d1ddeeeaca2bcf0

SHA1
d0e56a41d55967e3464641e8393869d34ec20189

SHA256
2914c3dccef388b5d792c4b2c2a9a42522747cb6df6321a20072f23a233a5eec

SHA512
c6609d10b4fb96a6f084d7a5626f500aad474ce65e41a332da722e6a30438ca45806e6cb5cd349222f8145d8be1b0694c0991609e24f2617f219a892441ac720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05afdbce55d0df1d8049284fafe8a338

SHA1
c4777398490c73c4bbac82b53fe02c8a15632ae6

SHA256
8159513d1352f9bc5b739bed09971b674e603e53584c85d6aa67ceb7c46db2e5

SHA512
73549c1b6db7d5cbc9d6110a021e028d54562fc3dd781b12524b8853a3304064c3c0ce295ee51af1afa0d7a9ea48954272af55832825162d7f8e8ea29aedf2ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c46165e87f50fe57e4d2cfdb57a9b9cd

SHA1
7b8404972eaa26c6a3b35f95415d0685a60b5ee9

SHA256
6ec945610c1620dd15b0d77d3c86ef7402e33908d764824eb6889b279647dd82

SHA512
23817756926537d580da482cae0ae5a93a6f9d1e34c938ad035e254e8a0048a82a506e9602e01a84932e15e5f3591a9f54d2c88b3ce307ba02308da2c3b4e7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55da6e7aec6e32b480265eac402bcf92

SHA1
c8153786a935a17e000ee3619e40f71317c2d5e2

SHA256
620b99f0f5ae22266527f7ad1f2972eee3a4f193ee38ee0fb778cd809b414e4e

SHA512
d5ad99685e3fe03e0d139262be0baebb8eaa3b31b21b2a2b3e94e05f4874029eaeb65fd0cf48b12730ebc67defa1d0f4733f82d61a3dfe7d9a6088a52d52a438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5b7a70ed8bee89f3698536bec3b4f452

SHA1
06c5acc411e4851773f75ffc19ab4589a247dc4a

SHA256
a2e51c210c88598708e9b19ccff8b5ca0a4a483d4f47b143bcc20a3a10ee633f

SHA512
e747e7b5ac200208850be4762d201f0ee9cbff86befa81586e66d726552aee5d84f20d746a1f49937663896afb3b9494f0b2c8a0c2e587339c5d574501aac6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1078dd5ed7573435692e7af8d65792a7

SHA1
9c5e86b15ad9421adeed7bd940944002fba10679

SHA256
2ab9e3f8e99ab7f561b32b223ce547a3bf167a8e086b7afa7af0d7c590c23494

SHA512
bfcac222d08508445e1211f5459e18b87be1485acbc8711b3f3ee25b3d21ad33eee06cc29870eb069321793ce14bc154669591e7e3938eab4979b804a1023b05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a394c97df62db473e2be7b39541b834

SHA1
7e4737fda6dde3d8d255055fac34b9128d13983b

SHA256
2fdd9f12791ea7608342e53359ebbb107153fb1e02c260f258b0e2f06b8c5ded

SHA512
b638a6d27bab36ac02fe8dc4c12cd54aa1deadafcc0f1e97f0a46f5f32dc8f9b7fd3f66cd2244d0479cdaf0e9ad883edd59ec91f2912655218683b99074f5c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d5dcd0d6661f0d8371f996e85ade0589

SHA1
c058de46f8823da734fadc3a61f00ec771aa03e2

SHA256
b7f950f3b8ea008aa66341cd42ebc686893034edf1067b5556419aad255660fb

SHA512
fda499d8022ebef6fbf2b78bbc0464768af0079db5fd7c610a16c9cc606d672c377fdd6c53165fc5d274dbed6e87171b441e980ab2e82b00663ddeb5d1c87a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a34c6e3a8713c4e6650b307b32d44c33

SHA1
725fa7484dcaab2cee97e31740c186c68652a862

SHA256
de4317393c27b08e52bb4a87c6a60619b50154911eca4ad812e05d89a0955d1f

SHA512
2abec6ce8a8ebea00e8c0608ad4c0679a962d9f48bee25240033439fdb9100ee244c50ecf1172c206e2e4ce3112f7a2e739ec2635e4d7db4f1fbd397d54427bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19003a18561dc1d5aa00071d2eeb61c3

SHA1
4a26c1b0a622f3ba5c83f5e6e38e154843415682

SHA256
3266a07f64b9c1059110419c450eae89892e41c60a0922ba4bd9301831a227fa

SHA512
71a5fc3ca5fbc3e10ab2b523eaf434d87955be063cb1dd67b3b2b6cc643ef3ae3e5f13abdcd92e0cd9fc5cfef51eb38178c8ab16ad0e7056e16f36743f20278c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1991f5a5d20948b82d3b95dc2c8a8b21

SHA1
e0b5bd2c25d6abb954454199136622272ba00f7f

SHA256
2a00106a8906d219425422bb7f78cca6d89c110a7efa8863699aeae240aafaea

SHA512
3d6601fb3efaf3890e0128c3bd25dc17ce4fdb00cdec4bbcf69b12b613b42c3801d40572639a442c5f4154616cf4db354bf14b1c1dc0d958f908ad41a929493f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ead82a6c521b131c54b44e4663f1fbdb

SHA1
b1ebeb9c23e81d0d4c18285cb7064f96b85a02b3

SHA256
4e66af874ae112839666ff498390304f474e16138306f99bf6f7ab8ca228276b

SHA512
aa257265f0e327b282081769a61de910d0fa9ecf71976b476de7c898e5a799a95a1034b5243af6f86d6c07ca215fed6a1cc00da3826644828feb7e43c51dff1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8692495d8f9f415964bd6789fc08b331

SHA1
2529843553302b4b6a5ef3061423abefce60144a

SHA256
a518d99c66ac1db24d1b124ee606a0c9d069409a2e2c6253afaeddddfd1ccae5

SHA512
2dc4f42d7f0b2f6529598ac533e207d54d5d1d84e977e84da940288e7f7a71a42ba776618b26e71c0d7dac89bff36d77198d141c3ec5fdd26524469b17a72e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
b689322551a745d8068a1c76162e2cc3

SHA1
c7170161c982609989abe807af3027fae4cfab9f

SHA256
c03cb0eb5796169309f1d5f4e1c3e9760f3d9f3b7991f147f5886bee0928b3b7

SHA512
a126d916c1a5ede26d0b11a5005c8860656a90f08317147b1a5325bacc0843cd6d3dfe1f87bc9411e80441071f5ff48c4513d8678731d35232340ef31bc11903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
509671f31362f0dfff67e5f85d1480e8

SHA1
b3c798e6ef23a840ddd2915e6641c8a794405201

SHA256
f691585ba4a9b14100046ce839962ff7bde519bc37c1609c13950a09e78778bf

SHA512
de38db714158bc082a1a98abe51f33c72c6004b689df4a06707d476be2ad5ddbd202a535aa6f1cb302184855886620b37a3988c6a548a9324bbac00a4a521a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ec3d09469ea5dbae60bb5b1afc61f381

SHA1
5fc804dda4cd7b2f468f88e15d991bfbbd2baeac

SHA256
e5f01890f4c46f9942abca1e8f06d4c558494958f5f35eafd356e0cbef4e833d

SHA512
67b38f7504f5190a8995afa88edca60f501dd47ad8e488ebb13ca571b268991ab3c206fa06aa946b2a9f1fb3dbfe8f799e16d3f01d6e16f8ce2a83c9263f95ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
2943fdc66e4b00e379d16dfe81e642e8

SHA1
9891754c95b8a95309e4c8532aef2fa39f2089c4

SHA256
3a82145836e03828521e39bc8cfb19f12b60c5be6185163fbecbf2674b4509d1

SHA512
7616042e39f38175b278069afbd16f9d336f5260fd3b42d7b26b06f0927bf60f7f54e245b185969912c40b18e5e0f8e285931c6a5a0efdbd3f8c25e9afa80a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
49dddac615fcd5b476f4b36894fb35e2

SHA1
50016d1976dc4518483b0b6712378bbf7bcabc8b

SHA256
9139e2bc2d1c7f5c4eb7a700644eeaa6efc66cb8f07b8e46261925d89254b5b1

SHA512
b2a1f041f42929c4f40da069124d3f4697a8bcd893465eb7c87ffe227bc96291f3f272c6a9af906dbe43a1d62e80a000812698985e27b8c17fc0c227e2f343b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590cf6.TMP

Filesize
105KB

MD5
d71b63932d7d2478b9c7a4108fd1a45c

SHA1
d0e91d263b8da2fa8abd253239e73855fa209da7

SHA256
ff8e5221634961677fb666dbc9a5f42c42e9ef8b784d8f0e5c55c00be514f1ca

SHA512
8599a71f835646e1e15684d756853166ddbdcca78eb736783c4275a28f018ff1e505b8a9848dd794cf687866a779bba4e8bc1110c6ea09db513023247a84a55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2WIJ8HO7\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RBZCR2W\dark-a167e256da9c[1].css

Filesize
110KB

MD5
16bf89ddba1dd57f22db711fabe734a4

SHA1
957574454d6cf7418b7ec21ee68b9f6cf9121ea5

SHA256
9b8c1638bd260c5ffc8f57ce371ef17210117aae67ffce5afbf141feec1c4c53

SHA512
a167e256da9cfd581c6d23cf0e71e8df6f863b162e9d1f8d32baf91adc0f89b7d75f059061ac6b643230821b6a82bcfa356bd64758a2f337e95cdceedaabdb09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RBZCR2W\environment-8224c9e1bb22[1].js

Filesize
8KB

MD5
a7798fbdde9625304320c5216e7b2278

SHA1
c32b7cc0ec7ebe8f4e79688ae21255ada1065e1d

SHA256
2a75ffb0aaf56cf7e485047745c77fb7269deb4b39b5547584235f2dd2ce7be9

SHA512
8224c9e1bb22987a0586c3f4bdbab40c6c0b12acaad9a814003f1c0db1f919cf790b84df0ec6cff549ebceffe16f5559ee72075503ab157381a83b55ec803844

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RBZCR2W\global-c75c237c9419[1].css

Filesize
278KB

MD5
0ba8025c31669a89adbee490dbdef2b1

SHA1
55e3977f67ac1578f5203c28d575db57fe23b4c9

SHA256
0b45ded2a88056bb8fd50e9fe1c9ed7bf810590063aa980c5d2909365ceef7a0

SHA512
c75c237c941999512f39427ec32d5760c619b34cad9fe0a464cd0ab9fb9114ad4d9c184e088c5cb9556622d43ca06f8f5139bc95e001953ebd9ce7d41fa35929

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RBZCR2W\primer-8d5f5de81af9[1].css

Filesize
348KB

MD5
2a97d2c66a6548a37f9bf4c452fd1c84

SHA1
1791b393bf4136c75414633d29195521441d4235

SHA256
6b6f123aa13361e17f0a398bacb8131c21ae840e59d1702ea12b4caa2dc42720

SHA512
8d5f5de81af9c7642d696eb1b0b3860e5f1b21f77628228a70b4c2d9ab6b360303576daf50828f34f2d1bf00413d5d640d478eb3fe3604df856f0b2cc6f294e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1RBZCR2W\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js

Filesize
9KB

MD5
683a7fe431bded8fbbf7b5189a1b8209

SHA1
2fb527473877ea06ec6b023690ce933c216c5d07

SHA256
f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3

SHA512
9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2WIJ8HO7\PySilon-malware[1].htm

Filesize
204KB

MD5
4bc074ea95769b559663b9f8bc0a97c8

SHA1
0073c44b937f666528adf19f29dbdcb508480d8b

SHA256
c72941ee60b7a09e8a97262b062993abaa3c32bd48dd362cf146ff2d7baf04f4

SHA512
4af9986147726761ada6631aa378f767f3e041a42d17d8998d4e451dd51a2c307be62d0a237fb3e112d7025d86f2b115fb8d4ca08a72b13e1b438b2a00197815

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2WIJ8HO7\code-20736c7b619e[1].css

Filesize
29KB

MD5
15db69d4b9721da2155968262787a039

SHA1
e0fffc9d574972c33bd444d6072d25279d255137

SHA256
3983214bd52d9afcbc224d151744f09c7c5cf0ee5f234fef1a304b4c2f3d2d37

SHA512
20736c7b619e911512e5d4d998b9256987170bb078f679b044782de773fce3042fa80932d8d7926c17e15623e84717742ba01d96f836395449c5ab6d95bede0d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\github-2f3974e4587d[1].css

Filesize
115KB

MD5
9665affe09a0c78eb002c0f3ad1bf9fd

SHA1
5966729b54556e3209f1916190c5cadcd1cba505

SHA256
56f41c0c260e2b711398cd85f5d75b6e25a3bed705e935b2a107085ea5f6e972

SHA512
2f3974e4587de1653c75c2b10af2b81b1ecebf6f4a27aea55025f2b05e078d610681d5250d381aa9a764298dd0ad344c70b3b41ab2457733828638edfcaf9e71

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\light-0eace2597ca3[1].css

Filesize
110KB

MD5
c98edbdc81b370dec6c1635959f3e6d1

SHA1
fc7c9fd6033bbc608ac6b77b5b481c7bfe162e75

SHA256
7214039084d73a8ac3457904dce9dba06f30e82c1b62bf186e791502aad5c41c

SHA512
0eace2597ca30668d561697e3275158ede25e98bb9af70b059f8a1edcd139ce4910c9e04a1d739918615d4042fd4c5d16f6d5ec0983c9785537f55aba10cb64a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\primer-primitives-971c6be3ec9f[1].css

Filesize
7KB

MD5
a22465990aba9644964f77d64b0544cc

SHA1
96e85e4c1dbab0a825931a0efc47530c5a985886

SHA256
5a5714b3410db5a37ca06954c5e34d1332a511683276730e6c85105535b9328f

SHA512
971c6be3ec9f2411afd2d8fa0a9d223eb9fd184bb36c446043d6892fd601a78b740082422544025483f0b24ebe554848e37b78eb09969a0c1ba353b91decab1f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\ui_packages_failbot_failbot_ts-f344cfdbb3b8[1].js

Filesize
8KB

MD5
5a3b4166228296c44c852e80d5986e36

SHA1
9cc69faf735030c65b2870f2dddd76ba2a2fab3b

SHA256
5e718adf73239932513155f70a0c2bb46e00babfa394d303c96a472aca9cc2dd

SHA512
f344cfdbb3b835e7ca9af9f31f46f9a880651fad192120cb4a79c55d42046b6a0ef69c69d4e11019ca87cdae69d9d7ef1101276b683dbb331633e1888dd70b50

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\vendors-node_modules_dompurify_dist_purify_js-6890e890956f[1].js

Filesize
22KB

MD5
80fa30c00e347b5bbc8b7ff9dc2c9f44

SHA1
d085fe485ada77814949e92fa9e1b1eb05ba5eda

SHA256
be77c75cf182f1830d0f90b8d7aee460f0108c6e7f5a143a524f709b9023c80d

SHA512
6890e890956fafa8187511df1ac3c80a5b8d56be5ca989da251741f59c8d1186c0efa3d374f113b0ebeda124b78dedd106ea97f487ec04cf2a012e7bdd1048b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\FC9FLPG3\vendors-node_modules_github_hydro-analytics-client_dist_analytics-client_js-node_modules_gith-6a10dd-e66ebda625fb[1].js

Filesize
11KB

MD5
ea0881634aa064550af1e9ec43bdd086

SHA1
526022c1eec777497ba69bf7d6f1370369440354

SHA256
ff375fe79148dbe8a6ff00f2b0691def67955fc89f8e7ad1e9e30e46a67ff638

SHA512
e66ebda625fb34f2951e54db4016e88e45133243afdb55de96e96421d0a190784d19dea9d83ab048644983ce965bc9b1b52eb89bb10c80569f4ff536ba5419c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JJSNCTPV\repository-b6b0e69bbb90[1].css

Filesize
27KB

MD5
e0b7092eb988e7704c078d68afd70ef1

SHA1
a2fd8a3f7610dd692907f2c9dee35525a776b919

SHA256
e27e79211448bcd897cf80fc37f963bb77ed29886a36a096d5687f7bcd8940c5

SHA512
b6b0e69bbb905dca054d3bb64744570b1259c8223e6166ba1cd93999fe1c38799e407c0ef379a24559a14fafd48727226396977060d8ee114d03b6570a17acb7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JJSNCTPV\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-79f9611c275b[1].js

Filesize
13KB

MD5
0ebf88b18838ca3926ece77027c1a096

SHA1
0f2edc27f5a23e5c2f699443c0d6572904b7bfd2

SHA256
452a443efadf60da1b19b9bf50d6cbbb25ab9441a3e9fe73b678d9cd486d80b6

SHA512
79f9611c275bf2087d6b063e2f4bf13feddab30c494b7bc968169fddf15a451aa26fe231ffe9e2eb4b9923477528ce638f5688cf4930953d372df69e822ffb44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JJSNCTPV\wp-runtime-61a5de661988[1].js

Filesize
35KB

MD5
fe08ab0631565865f8ae72e40a57c7cd

SHA1
7c445af549c32b4ca3bf47afd368a69d1fef2338

SHA256
6de64d5f6a85d0b230f303d614d56022716bb2799ac0f9217158a84973771742

SHA512
61a5de66198838dc21d0a6e6cfa0a4ada977e4b4b0c32686e30af18043f5bbe510e19b6b81712594ae9fb5ae64d3262602722a3866bc3c1be7d042bffcfd67e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WKY2Q5N6.cookie

Filesize
167B

MD5
0a3cb59a34bc08e47a120756aa91e6c6

SHA1
8ea89b1136f87a8ddc7754e30d6b0895f21fc89a

SHA256
3eb42754d782f3a9877b9acf4540d1ddd856fc3f5ca614aeae39727083cb6946

SHA512
9b342af0f0447034edf3a746546154e957cbbdb9e361e9453c81115759316ce1908d7cc44d9dd33cb70eec840d2a3a81f96493de51cc1a4b39e2bf599d8bb89d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C

Filesize
314B

MD5
7d453b8786d0ad283fc8af24a98de123

SHA1
24d6e79526a97579dbb5386ff281543fc484aba6

SHA256
47862153366ec54a79876c8872b76c7502190c60e19b0e475bd358ac8ff946bc

SHA512
211707b988ad1765af9cd8344b8c8ed667dd29b07d6f87d0cdabe35f921c1e329abd8801d258dec0f2a5dc806c2f240aec780e3f31dc0f4a233b2e9b7b11ef02

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
7675e907112f935f94d5b1fd84c7070b

SHA1
f7f3d2489138e18c9aa347705a1e997287c7e168

SHA256
e8cf8d4173e00dbd569ad58480a8a9c2a1db5b8897f3e6efb6f86b74777e4120

SHA512
fc9db9d4fc0a88775d8e59536f49f1e5a96f4e5b1774ef4ac502e715892f4645555034211bbae1dd4bfc048ec6d8d5836b179734f089ea7c599d6a9fb4352b09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1C

Filesize
408B

MD5
14d29d9b9ff73772beeaa5706a31f590

SHA1
5e3dc3cebac8b8e6ef523ae0747762e7d9d969d9

SHA256
87d018e7c8167ecc7c9dc21b2a1f30b748131bb905981e60ebacec7d4bf5208c

SHA512
48ee8d5251baef164b5f1556372aac38f3b941a3a6ece43509d05efb52fa7067e45e63b303a4e05314197790ca582e7b3b177daaddc292af04d46d6aafd6eb67

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
97ba93456c1c9d450bd9ef9dac679717

SHA1
75e73fbd125ca2043c7679a175eb17d12e750850

SHA256
a2c333983dfb0daee7257ec73aaae03f0f9e9cba10a7452aa9c3b043d09a0b93

SHA512
edb7f62d5d61bafc5f14a5121e55b9d41d80526652546b531a04e9b09b9f084217aee1b30e3eed2d95bd5e20d3aed6ccf60b4f94ffce3ad032cb80cd42333194

Download Submit
C:\Users\Admin\Desktop\AddImport.crw

Filesize
253KB

MD5
c830df515ef0e765affc8c89b71a23ea

SHA1
20ead79e8c56cd03194a7bde8e8ce419ba3fee15

SHA256
05322c2fcafbcc95fb9f15072178583aad0ab4cf034c035ec1efbb67b8bf3da7

SHA512
a822065c820776d0aa0bbc3f532a421978b30011fdc7a34a1baac1bdb50a53fd87d985d3b32a96b3e5b9893ff0da08a7c6452b77bcc6e14ea72f0eb5560d3351

Download Submit
C:\Users\Admin\Desktop\AssertApprove.dib

Filesize
490KB

MD5
9f117e544bdcc5140587ba4f34655604

SHA1
9eef9d5852f8fd2a59215c28a039e385089423cd

SHA256
17a57af36fc32f09dee14d98a9e19e15a5b56c80f83fb65ee39e2f20e3dcf019

SHA512
58ee0845c22416cd1a33a82d7cf88f8b3354b3aaaf6ad5f466cf2386943b1a28065b794524562f91b33ba1499f930f22a777fc37ce6825221ce1b8081bb99c77

Download Submit
C:\Users\Admin\Desktop\CheckpointRegister.pot

Filesize
270KB

MD5
b8a46d1322d63cf67ab1000267539606

SHA1
c3e6067a54f5919bba32d84d15f4b2bcdd0ff337

SHA256
37d4c7822114e1c7531d9624a76c159440737589589bad517fd263c236fec232

SHA512
977d4b2e19e2ab1a3652498cb9a66a38f6c082f5c59186efec95fbd9c59ea511e4addf4332a95fa13225ef4f48168a13c97e3420319e23fb2d8678f743028656

Download Submit
C:\Users\Admin\Desktop\CompressBackup.aifc

Filesize
507KB

MD5
998a716422e26dc771b0cf0019fb24ad

SHA1
5a39800b80d18426011a40192fb06c1098f2ad13

SHA256
8df8f6eeabbbc49ea140bd754e86bc0dd1d4ffb39c0f33d3f27d9aaf50bde55b

SHA512
b788f24e634266c2edc0bfe4afc9965fdc53693df5d34a591acc7d653f221e3895fbb5f63a822199345f2c21264dabfb67e8eb0e5d29f7792da3941da358755b

Download Submit
C:\Users\Admin\Desktop\ConnectNew.exe

Filesize
456KB

MD5
5bcc6ebf47d9b7da3a9b5619f7607976

SHA1
1d7e5e45f4336000b550c124c56c21de9bc59386

SHA256
630b4ebfef137351484c783bf5e47b52ffb5469f0d7777a41a580edd31168460

SHA512
b419e48531ccf76729c1171c6ffbccde45c1ae413ee649aee0761c6144344301e669526cec9a45bd1843c70642202615560ab954cb55dc1c9df373478576d787

Download Submit
C:\Users\Admin\Desktop\ConvertRepair.scf

Filesize
372KB

MD5
228d134dfb521825574fef5680f1495f

SHA1
97e619245a217679cbe768dbc12677465dcf025e

SHA256
c655f570bfeb5abffaa532c13843fa7800f20db640d9ca3034345f7c086e1634

SHA512
38c63d2c251fa5ed8986b99b9f7e1b1024c3783504d49039470fad95ffd3413f586fa7869c079cdeb6b087a23d6d6037c64a1e4c56dee90a584bb975ecbe90fe

Download Submit
C:\Users\Admin\Desktop\DisconnectAssert.xps

Filesize
287KB

MD5
22b9481d1ebd7461235a57dd6c587295

SHA1
7bc89a29dd0c79cb60eca34315e6ec667f8faa0b

SHA256
847cbfe44c46e86e2ac9a1d7528ef9e550c7cc4a23c4a48fb6ca506b02f8a35a

SHA512
2a38a3dc3e1c393abea49e91cdc1b01965e3e74139418f9fe36a946ab2bb4eecf1547b350ffe07fb8a8d616167427942783d193c447f8f12a8bb1ebdc8d39728

Download Submit
C:\Users\Admin\Desktop\ExitPing.css

Filesize
524KB

MD5
db4e6c93565e4a19628c9e3f405b6145

SHA1
bb6f0946d1f91761deacfc511d24d863b8821c99

SHA256
81526ca48bc5d455fc363984e9070a61f4ac3ce4b0280f3bebd7725252b40705

SHA512
ab7702ca967c634f8eb264b5a1d1f4acb63aa75ad761ba59fd262714bc7c2ba39b0d47bbb07bd4f6a0f2fd76057e7ac854ffd69c0970c565b3eca2fb1b8eb99b

Download Submit
C:\Users\Admin\Desktop\ExitSave.bmp

Filesize
321KB

MD5
75df7390348bb902bf24eede8d960862

SHA1
6949b22a95ba59cec25330fffe44f228c6a6e4d5

SHA256
a9f7ef0316f8aa84773fbd196887391941408af50a88b19aae633422c62abd8a

SHA512
40055bb714096ac699e6cc1d4c3e975cd7aa8de479512ceb88a6194bc7b1b47b7cba7cf8a730889e673a4742603b6acdf14e491da737208ece9dec7c75697c06

Download Submit
C:\Users\Admin\Desktop\ExpandReset.asp

Filesize
440KB

MD5
0bb07074cf77154f067f3afd790cc375

SHA1
566f7c329af9db49f02202adca43cfbc197e7970

SHA256
dc8ed198a686d3ca3dd28990e50e5c70a90771a09f07c324191e8c7e45530523

SHA512
f3cb6beaebecbd18ef12305e2d25cb88024cf6d749db8b7dab7a313054efbd1692e57a265b044c22d40412701c0d96cd9195db53fae6ec2e04def18fccd22d70

Download Submit
C:\Users\Admin\Desktop\ExportProtect.html

Filesize
389KB

MD5
6cd4a1d9957a67e4815f8a619cacc8e6

SHA1
3660f27835c3a4ed219eb19b4f9859c45e7d15b9

SHA256
43fda6ca280b9a937abdc5a43fb928d10f3c401065ee5fbfd28b1e95d5855247

SHA512
6f39908838b9198b65018c13d263722fa75e596f68185392e11759c7c94b59880636ca1997cd6bbac2814692336b57102137568ebc5162eb32ca0ff67ea256d9

Download Submit
C:\Users\Admin\Desktop\GrantTrace.edrwx

Filesize
355KB

MD5
9c3e58c737faae8f5228ed27e8cc66f1

SHA1
788540ae137631d0e9367b39874cf2e5eb0034de

SHA256
aae343dc13c4fe8b36cb96a440269406ea75e21aa0df45e387c06f6da1c9b961

SHA512
612c9ff5a41bc2864cf51778836e8210695c10bdcd4079f2e008b19873cb0b42fd172f02881b9fd23cdde7c24639dc089dce1852800a0a60c74d6069e222718b

Download Submit
C:\Users\Admin\Desktop\InitializeStart.rtf

Filesize
220KB

MD5
09281952b11fb4271b9ce08533f28e94

SHA1
188ed72c64589fbc6a2bd3f52a6e064557a478d3

SHA256
cac1c163309bdc48b6c41ff49754904f53b4cf6f775de51a1182a0c0a7cb7286

SHA512
a4139472d5b6651a8017741ddfb864698c331c38da88e24c9f8157870b474dfaf530bc1bf69398d294bad8c50767a613c0bed39ef8bf6045f48acd63f63358dc

Download Submit
C:\Users\Admin\Desktop\JoinInstall.asx

Filesize
338KB

MD5
a1e20d67cae9e6603e3f0a00deb10f9a

SHA1
19162267f3e4c55aecd454f5c9e853db27228b50

SHA256
be2895d9faf0232d4eda40640e91bffb03b4e62d3c30f94646a81dbfadafe7f9

SHA512
076929809ea601a39799b5b99c183c7475df17feeb4fdb204d2625fc4b50c32476f27eee0a743fd4447270e1e399897932b857a9d603afab35b9e7db7d1d0351

Download Submit
C:\Users\Admin\Desktop\LockConvertTo.vbs

Filesize
304KB

MD5
53a4d68c0c3907feff6d91f846cb698e

SHA1
4765476fefd3c0ca8400368047ca9e768e947e41

SHA256
1f689a8db46f45ca49fb8e859d86ac1550a4e4601ac0b3e076962dd95c43339b

SHA512
a7a05dedb7d20d0ef76e8d8157f338023317e84e9701dee7bd8e64516c6ddd6cf1228dcebd993eb440bf19893c207336e48843123f056a8f9ca0190ac85ba1ed

Download Submit
C:\Users\Admin\Desktop\RenameMove.edrwx

Filesize
423KB

MD5
00021b4ec756393af933f7534fd48235

SHA1
0add23bb398daf70ac7abb1a106bc27490fb7166

SHA256
35b4976a5a3f41c89488767947cb675882ae52bce9b3357d35ccc154d5a2becd

SHA512
f20ebd82ca0518d99f0f97dadfd79f6fbfef95545a7ac7b8a4906dc2e6970ee08455ca90496740abbc5ef5b43fd1f3100409fc965493b37cd46f8b7e3ee5cd2c

Download Submit
C:\Users\Admin\Desktop\RevokeWrite.rmi

Filesize
473KB

MD5
4799c7bac94c3b7f3d7a919316b07d6c

SHA1
6bb42e3ca7566c4bd21f79cd8f3a3110e8404e1e

SHA256
5b65279df94ce71d347133d157a80665eee96030bdff8bab78e72dadb1c03b2d

SHA512
2a768465b214121210fd89c2610a4257a7445577fc55f88fa3ab67a96bf0da10d15c956cdbe07e904472bc9c7cdda7a20ec30c7a555cc5ab1d4a009c5d991cdc

Download Submit
C:\Users\Admin\Desktop\SearchConvert.au

Filesize
203KB

MD5
a1882be5e625511d3fc10a3cbfe07f6b

SHA1
a6d60913e96992b30f2a5cea3cbb4d09664800d6

SHA256
6de40a801bc8f30a7fb7a7c9032e67d3909d7d1dc8f42471d50525d279070472

SHA512
57b76848844e40f98877a3210d0e106b09ccddd16f4413ae4284c4b54921f5ade56275372178879af01db01f0267937cec2d6a7553e66c23859beb1f760387e0

Download Submit
C:\Users\Admin\Desktop\SendNew.shtml

Filesize
236KB

MD5
593c0f422141bc941959f3b5aa8a47f7

SHA1
670e91a80f2199121f6ef59f445d12e7671c2740

SHA256
c0009249b55b475c6effb437282989f7577b8089fe94fccb85585d684ede0691

SHA512
ffefa27b6b5d5b24cb3bdbb26dc7ddc2a0f2e231ca1914fecd8e0062936e5ef6bf47b23ae4ea48421454dadb3996a9dbb3bb88f08891b430e9c5ce6876106502

Download Submit
C:\Users\Admin\Desktop\SetBackup.xml

Filesize
186KB

MD5
9403d7645e77fa4c2fd3b2f4af95ba5e

SHA1
cad804b1de746350f8a82ec16d9b80ea92b50261

SHA256
f9c7c72ea1dbd6e1d9b886a0084013f31a87778a018481017368226d36b452a8

SHA512
7746f09a2d6a27d6b3208e71005eafc692541c4043001677707811ecbbba19362cfa939e882fdf58d5629d20821a7c9d9f98f99784b5892315f41e16e830b466

Download Submit
C:\Users\Admin\Desktop\SplitSuspend.dib

Filesize
727KB

MD5
9aa796b0d3c44e4e388bf1f2e37a89a3

SHA1
b138607fca3b1252ca48272b4088afd9b2cdf922

SHA256
19b83b8639a41abb5d4c56f838fb7288cba71ea5d1605dc5d71286b81d34afd9

SHA512
ab070e5998396c15c16d0cf6b060ebe00d1da3aa8cb9b23366de089c9478270295c33710d2dafcdfa62a7417c3fce78a1c5f6a8998c7b7f66faddd2529d4e9b6

Download Submit
C:\Users\Admin\Desktop\SwitchJoin.lnk

Filesize
406KB

MD5
0a242cd88eea122cbca9da5bf37544fe

SHA1
3c26f8acd87f9ad3e8d959244420c2418852b1e8

SHA256
3cf8d1b7f4899016a8cedfafceee3be9ccc4d23d913e1d18fdb1ddda1b99ee14

SHA512
07b839b06b344915680fc437281d4041dfc81a210c6a9602b1e165b61c69a06ff102dc2bb3afa096d2bcfb84e272ca945a9e68c6eae3b7cbf82872daab97ef82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 138969.crdownload

Filesize
25.4MB

MD5
3e3b6550e58772d324f7519bfa8066dc

SHA1
0ab0169635dbf038775aeb286d59df394afa81b1

SHA256
2437d83db04fb272af8de65eead1a2fc416b9fac3f6af9ce51a627e32b4fe8f8

SHA512
f7c70d8df4bb1dd8887cbf369812dbd6f9f5f16fbddfa813cae71129a8ab57038376f7753ac1a05711e8ef2958bf4799338301579faae6c1d061063cda208c24

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
52f713ef80a62924e6470152744dac98

SHA1
3f2fede3b9b9c774f7ca97112e5257bc38f75c88

SHA256
fe8f42234b858be58e37d186338eab411d6f3d0fbd2ffb3a40ea968ad45bc157

SHA512
1b803c4dae0bc8a16b9fc5637438bd5c63ce4ad4095c334d608b86a232ccf38ebc26b305505b9f444c124c272e1adc2c56db08f51cc76ffae38de2b022324ce3

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
28484c335e07909e89a689e2da0a6d0e

SHA1
c10ef755b4f9df823e58d4596b6396033c6f1b8a

SHA256
69b5432e399c8d7711df567fe75587088e623967e8dbd7deb235fda77adc72e6

SHA512
e0bc39cab41359794e924bbac5b10b4a01c83793ac49878f51ab0bd30aad3adbfdb6a59ffce3ee23281241dc324cf529e0be6569711867973565cba3659f5584

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
92b63684e77052a65d198e6b1d015c67

SHA1
3845519720082aa2ba6d7ab626a74069fed0fc96

SHA256
07dc56914a99f20313d6f3e3ab4c22a2cf559af88963c1469812cc4a0f27cdeb

SHA512
3a13340977a3fc682bf2bd14dc89bf1b4890adc8cbea60914be665f1f8d78d0b3756c03567a601662bc799266f47e5193537f734c95ebbfe906121641c32c3ac

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
867df98a44736ded3d19d3c4e8863ba4

SHA1
a811f559bcaab9927114da8044dcfb21ad021be2

SHA256
bedc5cc668d022b1df66b2e4eed5d80d0febbbcb61b5b4da6a773d414a7dddb4

SHA512
1815c4790a52a37a99fdafb30c84dc2763cd52c4b722989b88b836aaaf2b290af435115fff09894761d5961c6db04a05e7f31a557c3924b54d92d5b9d31f1da6

Download Submit
C:\Windows\Temp\{0C0ACC43-8BF3-4536-91C4-DC53D2F60FFB}\.ba\SideBar.png

Filesize
50KB

MD5
888eb713a0095756252058c9727e088a

SHA1
c14f69f2bef6bc3e2162b4dd78e9df702d94cdb4

SHA256
79434bd1368f47f08acf6db66638531d386bf15166d78d9bfea4da164c079067

SHA512
7c59f4ada242b19c2299b6789a65a1f34565fed78730c22c904db16a9872fe6a07035c6d46a64ee94501fbcd96de586a8a5303ca22f33da357d455c014820ca0

Download Submit
memory/212-117-0x000001D05A500000-0x000001D05A600000-memory.dmp

Filesize
1024KB

Download
memory/336-0-0x0000019784520000-0x0000019784530000-memory.dmp

Filesize
64KB

Download
memory/336-35-0x00000197836E0000-0x00000197836E2000-memory.dmp

Filesize
8KB

Download
memory/336-16-0x0000019784E00000-0x0000019784E10000-memory.dmp

Filesize
64KB

Download
memory/2196-302-0x0000019AC09D0000-0x0000019AC09D2000-memory.dmp

Filesize
8KB

Download
memory/2196-300-0x0000019AC09B0000-0x0000019AC09B2000-memory.dmp

Filesize
8KB

Download
memory/2196-304-0x0000019AC09F0000-0x0000019AC09F2000-memory.dmp

Filesize
8KB

Download
memory/2196-306-0x0000019AC0A10000-0x0000019AC0A12000-memory.dmp

Filesize
8KB

Download
memory/2196-308-0x0000019AC0A30000-0x0000019AC0A32000-memory.dmp

Filesize
8KB

Download
memory/2196-310-0x0000019AC0AF0000-0x0000019AC0AF2000-memory.dmp

Filesize
8KB

Download
memory/5072-246-0x000002E8E37E0000-0x000002E8E3800000-memory.dmp

Filesize
128KB

Download