hijackloader | 2df8ddb67e9485bd2edd37d444bba33fffe8e0ae3c9065d4b2c67cdffad0ea98

Analysis

max time kernel
216s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

15KB
MD5

fb1b0e1acbb5fc4a580413fcc760a44e
SHA1

7116f7f57aefaee51e05c41f60a70e136b5e176e
SHA256

2df8ddb67e9485bd2edd37d444bba33fffe8e0ae3c9065d4b2c67cdffad0ea98
SHA512

b087564cc2899ac0b04a6355061c51e6e056f0c82a191d536a3d25035a7c6330e24ae2cdbdf5f201d64b6971dbb30db346aa6f3b73f8291adaa3ee54846c3e11
SSDEEP

192:PNxyShvK9moqTJkNr423pHcJxJ4CbdayVVcPASbNAXXeCRpBjJFyIyN:yShi9boJkNchJ4Cp3puG97FYN

Score

10^/10

hijackloader stealc silent15 discovery execution loader stealer

Malware Config

Extracted

Family

stealc

Botnet

silent15

http://89.105.198.59

Attributes

url_path
/7ab3b0a3219ae446.php

Signatures

Detects HijackLoader (aka IDAT Loader) 3 IoCs

resource	yara_rule
behavioral1/memory/4540-1106-0x0000000000400000-0x00000000006AE000-memory.dmp	family_hijackloader
behavioral1/memory/4540-1107-0x0000000000400000-0x00000000006AE000-memory.dmp	family_hijackloader
behavioral1/memory/2568-1190-0x00007FF6C49A0000-0x00007FF6C4AFF000-memory.dmp	family_hijackloader

HijackLoader
HijackLoader is a multistage loader first seen in 2023.
loader hijackloader
Stealc
Stealc is an infostealer written in C++.
stealer stealc

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
2268	powershell.exe
1404	powershell.exe
2232	powershell.exe
2700	powershell.exe

Downloads MZ/PE file

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x0007000000023489-1027.dat	net_reactor

Executes dropped EXE 3 IoCs

pid	Process
4940	Silent Down Setup.exe
60	SilentDown.exe
4540	snss1.exe

Loads dropped DLL 56 IoCs

pid	Process
4940	Silent Down Setup.exe
4940	Silent Down Setup.exe
4940	Silent Down Setup.exe
4940	Silent Down Setup.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe
60	SilentDown.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
73	raw.githubusercontent.com
75	raw.githubusercontent.com
76	raw.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Silent Down\System.ServiceProcess.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\es\System.Windows.Forms.Primitives.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\zh-Hant\UIAutomationClientSideProviders.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\PresentationFramework.AeroLite.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\pl\System.Windows.Controls.Ribbon.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\cs\System.Windows.Forms.Design.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Net.Sockets.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\de\WindowsFormsIntegration.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ko\System.Windows.Forms.Primitives.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\pt-BR\PresentationUI.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ru\WindowsBase.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Diagnostics.TextWriterTraceListener.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Drawing.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\netstandard.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\fr\System.Windows.Forms.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Numerics.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Private.Uri.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\it\WindowsFormsIntegration.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Threading.Tasks.Dataflow.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\cs\ReachFramework.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\de\PresentationCore.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ru\UIAutomationClientSideProviders.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\Microsoft.VisualBasic.Core.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\it\ReachFramework.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\pl\UIAutomationClient.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\tr\UIAutomationClient.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\PresentationCore.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Globalization.Extensions.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Private.DataContractSerialization.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Transactions.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ja\UIAutomationClientSideProviders.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Drawing.Common.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Formats.Tar.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.IO.Compression.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.IO.Pipes.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\it\WindowsBase.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\tr\PresentationFramework.resources.dll	Silent Down Setup.exe
File opened for modification	C:\Program Files (x86)\Silent Down\Silent Down website.url	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Drawing.Primitives.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\WindowsBase.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\cs\PresentationUI.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\fr\WindowsFormsIntegration.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ja\PresentationUI.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ru\System.Windows.Forms.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Text.Encoding.CodePages.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Threading.Channels.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\hostpolicy.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\de\System.Windows.Forms.Design.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.CodeDom.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Configuration.ConfigurationManager.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.DirectoryServices.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ja\PresentationFramework.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Diagnostics.Tracing.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Linq.Queryable.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ko\PresentationUI.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ko\System.Windows.Forms.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\tr\Microsoft.VisualBasic.Forms.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\Microsoft.VisualBasic.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Runtime.CompilerServices.Unsafe.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Security.Claims.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\de\UIAutomationProvider.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Security.Cryptography.OpenSsl.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\ru\ReachFramework.resources.dll	Silent Down Setup.exe
File created	C:\Program Files (x86)\Silent Down\System.Formats.Asn1.dll	Silent Down Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606635924080836"	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4232	chrome.exe
4232	chrome.exe
2268	powershell.exe
2268	powershell.exe
1404	powershell.exe
1404	powershell.exe
2232	powershell.exe
2232	powershell.exe
2700	powershell.exe
2700	powershell.exe
2268	powershell.exe
2232	powershell.exe
2700	powershell.exe
1404	powershell.exe
4540	snss1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4940	Silent Down Setup.exe
60	SilentDown.exe
4540	snss1.exe
4540	snss1.exe
4540	snss1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 1148	4476	chrome.exe	83
PID 4476 wrote to memory of 1148	4476	chrome.exe	83
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3412	4476	chrome.exe	84
PID 4476 wrote to memory of 3392	4476	chrome.exe	85
PID 4476 wrote to memory of 3392	4476	chrome.exe	85
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86
PID 4476 wrote to memory of 4756	4476	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b7daab58,0x7ff9b7daab68,0x7ff9b7daab78
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:2
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2056 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4612 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4536 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3412 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2844 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4796 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4576 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4548 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5456 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Users\Admin\Downloads\Silent Down Setup.exe
  "C:\Users\Admin\Downloads\Silent Down Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:4940
- - C:\Program Files (x86)\Silent Down\SilentDown.exe
    "C:\Program Files (x86)\Silent Down\SilentDown.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:60
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2268
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:1404
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2232
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\efafb6b5-014d-4ba4-9f87-bb41e48edc03\snss1.exe
      "C:\Users\Admin\AppData\Local\Temp\efafb6b5-014d-4ba4-9f87-bb41e48edc03\snss1.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4540
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        
        PID:764
      - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        6⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe"
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe"
        8⤵
        
        PID:3092
        
        C:\Windows\Temp\{4CB7D173-E620-41D9-82B7-4949B1CA3CE7}\.cr\FHDAFIIDAK.exe
        
        "C:\Windows\Temp\{4CB7D173-E620-41D9-82B7-4949B1CA3CE7}\.cr\FHDAFIIDAK.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\FHDAFIIDAK.exe" -burn.filehandle.attached=704 -burn.filehandle.self=668
        9⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\FHIJJJKKJJ.exe"
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\FHIJJJKKJJ.exe
        
        "C:\Users\Admin\AppData\Local\Temp\FHIJJJKKJJ.exe"
        8⤵
        
        PID:5092
        
        C:\Windows\Temp\{8D8151D4-43D2-4C03-925D-D4F700AB14EB}\.cr\FHIJJJKKJJ.exe
        
        "C:\Windows\Temp\{8D8151D4-43D2-4C03-925D-D4F700AB14EB}\.cr\FHIJJJKKJJ.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\FHIJJJKKJJ.exe" -burn.filehandle.attached=544 -burn.filehandle.self=704
        9⤵
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\efafb6b5-014d-4ba4-9f87-bb41e48edc03\snss2.exe
      "C:\Users\Admin\AppData\Local\Temp\efafb6b5-014d-4ba4-9f87-bb41e48edc03\snss2.exe"
      4⤵
      PID:2568
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\SysWOW64\cmd.exe
        5⤵
        
        PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3176 --field-trial-handle=1532,i,14834247325482857978,2789325622648391457,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x518
1⤵
PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Silent Down\SilentDown.dll

Filesize
608KB

MD5
5ea7114543e422b65c05c51aa275ca89

SHA1
f2ac1c1bc3d9d64f3c4b1910264ffcf69553eb1b

SHA256
6c2d4c735fec056b34f14d4765853c232f700f06e7db2bcc13a276433883fcb4

SHA512
7acd73ef9282653cd6fcc5c4f8f6946261ae30264f1568bc9b6237b7e5083ea470990d54fb03f254a993f16c33b035aa805d58cba9789f3306ad9fd5a23e60d2

Download Submit
C:\Program Files (x86)\Silent Down\SilentDown.exe

Filesize
341KB

MD5
cce03900fb504bc1875a8fddfd61f837

SHA1
d8ffc65a6882911511171b5c763d8e6f84004764

SHA256
597f7bee1ae8acaacb7c16c6e0a5b93ff43483797966f1b5c022cd61e04d5922

SHA512
37a4da5e9311082d7a6b097bbee36fb8d58f931f4e7836fb8924986b3c07f833c5f5011215d0b9dc7b7ed5c771d22de0e22cf4dfc3fb6a6b5bd90f18e902a485

Download Submit
C:\Program Files (x86)\Silent Down\System.Collections.Concurrent.dll

Filesize
270KB

MD5
38d21e067d7673194a84cced59066ac8

SHA1
e64362176f714b23603f3a67f1e741f12e35a832

SHA256
483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47

SHA512
3fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf

Download Submit
C:\Program Files (x86)\Silent Down\System.Collections.dll

Filesize
254KB

MD5
92063926c04f2e4bf5b5fde16542831d

SHA1
e7be34eaff2d3d8796911d21f1fdbb93bf231dec

SHA256
9193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541

SHA512
e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f

Download Submit
C:\Program Files (x86)\Silent Down\System.IO.FileSystem.dll

Filesize
15KB

MD5
35e27f4c681085a4b096826ee8ea4f53

SHA1
cf3ea4304e5558c8fdd4422e4d72509cd91ea719

SHA256
7bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad

SHA512
1f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9

Download Submit
C:\Program Files (x86)\Silent Down\System.Memory.dll

Filesize
154KB

MD5
7e999da530c21a292cec8a642127b8c8

SHA1
6585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f

SHA256
3af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4

SHA512
a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451

Download Submit
C:\Program Files (x86)\Silent Down\System.Private.CoreLib.dll

Filesize
12.6MB

MD5
805cf170e27dd31219a6b873c17dce88

SHA1
ac90fa4690a8b54b6248dcb4c41a2c9a74547667

SHA256
ba7e61a00e7a4634b5c5a79b83126f75580ceec235c613000c3efbc01826cad0

SHA512
fa946aae906b66cb5570155a1c77340f2b6d4efb9be16068da03a8f1c5b5f37ad847d65cd1416017db19375dc6a72670300da4c766e6d9bb1a00374f492bd866

Download Submit
C:\Program Files (x86)\Silent Down\System.Private.Xml.Linq.dll

Filesize
394KB

MD5
60ed8b2bffc748d6a2a1fed8fa923368

SHA1
be411429b9a649a495124558c5e5d95a83525d58

SHA256
0b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90

SHA512
b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8

Download Submit
C:\Program Files (x86)\Silent Down\System.Private.Xml.dll

Filesize
7.6MB

MD5
46aebfbd6d7e74d4d558da62d7600d25

SHA1
9c1cd44ab8b5e283967427e91cbddddfc0c2bf5a

SHA256
834e304221e742a831be5c5178892258e689eae35b730172e74161af2785aab9

SHA512
9c4499d174a988cc3830aafcc42f79defff37b16198f49cf5d2dc86f88809fcb44e0c300351f813d46addf9998f64448c50213f1721c6a307aad21c205db1524

Download Submit
C:\Program Files (x86)\Silent Down\System.Runtime.InteropServices.dll

Filesize
94KB

MD5
49c86e36b713e2b7daeb7547cede45fb

SHA1
75fe38864362226d2cce32b2c25432b1fd18ba37

SHA256
756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d

SHA512
a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9

Download Submit
C:\Program Files (x86)\Silent Down\System.Runtime.dll

Filesize
42KB

MD5
53501b2f33c210123a1a08a977d16b25

SHA1
354e358d7cf2a655e80c4e4a645733c3db0e7e4d

SHA256
1fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100

SHA512
9ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796

Download Submit
C:\Program Files (x86)\Silent Down\System.Security.Cryptography.Algorithms.dll

Filesize
17KB

MD5
8f3b379221c31a9c5a39e31e136d0fda

SHA1
e57e8efe5609b27e8c180a04a16fbe1a82f5557d

SHA256
c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388

SHA512
377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9

Download Submit
C:\Program Files (x86)\Silent Down\System.Security.Cryptography.Csp.dll

Filesize
15KB

MD5
c7f55dbc6f5090194c5907054779e982

SHA1
efa17e697b8cfd607c728608a3926eda7cd88238

SHA256
16bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a

SHA512
ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355

Download Submit
C:\Program Files (x86)\Silent Down\System.Security.Cryptography.Primitives.dll

Filesize
15KB

MD5
777ac34f9d89c6e4753b7a7b3be4ca29

SHA1
27e4bd1bfd7c9d9b0b19f3d6008582b44c156443

SHA256
6703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622

SHA512
a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439

Download Submit
C:\Program Files (x86)\Silent Down\System.Security.Cryptography.dll

Filesize
2.0MB

MD5
75f18d3666eb009dd86fab998bb98710

SHA1
b273f135e289d528c0cfffad5613a272437b1f77

SHA256
4582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e

SHA512
9e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5

Download Submit
C:\Program Files (x86)\Silent Down\clrjit.dll

Filesize
1.7MB

MD5
8b81a3f0521b10e9de59507fe8efd685

SHA1
0516ff331e09fbd88817d265ff9dd0b647f31acb

SHA256
0759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb

SHA512
ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176

Download Submit
C:\Program Files (x86)\Silent Down\coreclr.dll

Filesize
4.8MB

MD5
9369162a572d150dca56c7ebcbb19285

SHA1
81ce4faeecbd9ba219411a6e61d3510aa90d971d

SHA256
871949a2ec19c183ccdacdea54c7b3e43c590eaf445e1b58817ee1cb3ce366d5

SHA512
1eb5eb2d90e3dd38023a3ae461f717837ce50c2f9fc5e882b0593ab81dae1748bdbb7b9b0c832451dfe3c1529f5e1894a451365b8c872a8c0a185b521dbcd16b

Download Submit
C:\Program Files (x86)\Silent Down\hostfxr.dll

Filesize
342KB

MD5
16532d13721ba4eac3ca60c29eefb16d

SHA1
f058d96f8e93b5291c07afdc1d891a8cc3edc9a0

SHA256
5aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303

SHA512
9da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100

Download Submit
C:\Program Files (x86)\Silent Down\hostpolicy.dll

Filesize
388KB

MD5
a7e9ed205cf16318d90734d184f220d0

SHA1
10de2d33e05728e409e254441e864590b77e9637

SHA256
02c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62

SHA512
3ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052

Download Submit
C:\Program Files (x86)\Silent Down\mscorrc.dll

Filesize
133KB

MD5
53e03d5e3bffa02fbc7fb1420ac8e858

SHA1
36c44c9ff39815aa167f341c286c5cd1514f771f

SHA256
23a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960

SHA512
f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
dee75c4609355dbae2875531932cd502

SHA1
331a3a814dab5205ff87c8564d8d7a8fe61a4c8a

SHA256
8885356445fdffb14a04c4bff1bfc1fc482b73d02f21828d636ace5c1d4ddee4

SHA512
737289d24cca331fb31704278a3b2ff89b7953531188cd15d2ef6093a43ab173194fed044cba6642c2add2ba7afce14ba408d673bcb89467ee9cbf9984be1cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
14288bcdffc07a917e9a95d456cfb6d6

SHA1
faa04b387cb8d7ef29350b9ae2d2bd7b7fbf8083

SHA256
8a68384a39e16ad0d8cbde8d0ee2bab382f3ae403d941feab33e7ab0bc91f5c9

SHA512
7019e1130bb5699b39ca34a52e31d95e09c288e494c9332d20587a15de8d3ebf02581d0b10f63f0739b47b223e8f49bbaabd369fd3105a9987676d321a19c6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
384ecf10a06f65a5f87073a1391ee493

SHA1
5b121d2171a1ce770b793d29de9e8cc6e16e7d49

SHA256
02c7557f4f36b390fbe2635893f44fd2a4373a3a2cac9894eb84d6e967a133f1

SHA512
12f3559434bc3f12e0c9b8b1e53f3817f96ac7a5e3eb903c495c24ea2ed4d24532faa6329c0baa72982790324d16e94d780148704c25966ab300f4e2d59d5218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
a65ce6a762fc9ad747ac1167b32a5a6f

SHA1
4466598e86fc519799ae3d7b2f4f257a82c29a4f

SHA256
e78dee76b942464b4a07355079d3cfdf38e2f12d183bea3fe37a3fbb4ecdfc1b

SHA512
1066b999c80319b48e85af120dafc7bbb68566ba4f161bd655e1ffb759119505d0b007359c90e95dfb3c932faceeb048aca05fdc998497d38a9b07eebd2ebb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e3e5cfa2e3502716f85a804bec2259e6

SHA1
41c4e14c5abd69334c53f593273fcc121d99858a

SHA256
df84c864928439870feeb5215cb20fc77911cddda2c608fa5ec0bd8df11d66c9

SHA512
13806d67c0af33a91ff8dba42bd001946d79bb51c4253181d19548c0842050027e97283e3f1dda4c8368119c3a975174ba986d2179cb64a70781572aef962809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
27d99199ed642eed538cd1baa4f25b49

SHA1
3062b412db855dcf3c0da5b8b6b6856b87610499

SHA256
9a86028e1d11fb0eab2388343be69424f3420cced047d537ffeec86312173c2a

SHA512
20e0881555c48bfcfbc317456a0106297f45d945667e94bb18d8be9ac1b1b606c9b708817ee47bee95b3031172d4099096d471bb2f86a77b77b6b707c86f9a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c0b62d15e73a06f0383fbc10e974c4c0

SHA1
3ee32eb38f3c272b64b8da46d0306bb4ba87277c

SHA256
15b8e2dd38cc2e4ecd109c6e3bd02e64d472d5c267238bcff19608ee3551e94d

SHA512
9732535b3c1d0a3b7fb5dd0112f403f1be07298e8abb0e28ce6ef3475e7a61a50f00846e21614ab6fc727360014206374f7c224500ee5a9268f2ce062cfef383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6842bf16d6b5ed9cbc55d09d52b071e4

SHA1
2a591600f3c71f7f1cb0bc62057ffa1c0e4fe8eb

SHA256
5ae82bd00b2b412c7ba0934bfe7596a9193d04711f138a1ea053b4d6941455fb

SHA512
4af75acb185845629251027fcf4a83b4964a6a0b7b3e0dd831c89f123f7e01bc043e705ff928028d4aea9ba2fa14d9e01971fc97b53df7a846f759649c36fadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
3a1792b50a7fb76351e62763f09a4b67

SHA1
20702e95cd7f707f21d0d70951f6e3f71be799a8

SHA256
2ffd9de1be0250883406d30b4faeb92b8b26707af77362c2698b5b68d5a7cf3c

SHA512
7d4dc122cf4ee71381eb49c52f8a225940c69f120b1db68afe0569ee71d341601c4f8ee9fc3b3f2f93bfd478a273c990b1932b98b138f0df0e7dc5d39d1a425d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b1d589be1eac600707d93e7cf86ab47a

SHA1
de4fba4b186d78b8350afe4586697cb788048315

SHA256
4412d9a1c008fd6c6072ead1e83208d0148d05a5876060e92e5d1e063e5a598d

SHA512
dd1287b3fd9f66ea5e4914e38b092823a90e954844939f76e0d90baf37d289e753f4eb5065427191ce41c450f3f1b9d7dc4324064a6fafe87c90b4764e105c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7666f0690bfeeb66dc19621c4b7c5a7b

SHA1
7552e45199b85e506398aff2575f301013a63ca0

SHA256
61c9435f7b4eae2a2215816495c1ae1b98345650852a99b87563105680262392

SHA512
03a55e2efbd5ea8bba4c4f07f98105d7fb6b206b0cf09b9cdb8924aacb7a3d4a03c9e0ecd048ceef0c35625e24e0a2275e5b32339236cd2ec5bfb2d2639cdf31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
a9c4f4761d0ccc4b3b67c56ab1e15593

SHA1
6f72037c75df2b6aaab29d0ea6a90da1cc0fcb77

SHA256
c1b057d188c5715b2e2bee04a32b7a82c9a44e669017c1911b0783a0cc178ce6

SHA512
7630b99beba9d8b214059a5221cdbb1b4635cdff9e5609526bbcabddafa612d0710c1d43bb6ac1bd568c18753d390fbe30d3f52bf18a1fdfde9f74d7bc8935ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
254f9312b609a09115c9dc0ece245f35

SHA1
9115f1232ae3ac09f2d3702eec4cfadb818cda68

SHA256
b878799b7edb5581eb3906091f95ac3af950ec8ab2a1accbc93ed18aa33a8b8c

SHA512
6f57895b17c035a5d02e636da1b260da7add159e85953c85952f8bde6f4859483857bf187e937ad1d272d7016df41721ad7c6ecc0cef6a213719f960cb5567da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
5526c41dc62258bdf01300bd66d0221c

SHA1
661fcf96c4b9f31fb09c00c9a0cff454d0b0f168

SHA256
207dcea85bc7998012877e31ee6b4088483e79fffbd467538050333771efa7f3

SHA512
99a41fbb6607f005d4977897f540c9468f1bc07dfb9b27404c9e338885490083160461dbe8f0dca6773fa2a6248cacf180ea7d2bebadde590c1e2f864369d40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
607ba2d696a6d217ef69c3cd01517032

SHA1
38b481bf05fb4a521561ed73272de2a6b01bcc41

SHA256
9f3d9aa57bb579b62dbebddbf7aa8cfe25994f73f08fb3a70a7a37a61f7cce83

SHA512
32f9f577ee22076359d2d128036d9c1e491b0536ee26d530dc830b4b6a113a91471731340f90b9b50741262d59362aed9472484eeb7429791217c593f03642aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
dae06f173848dc661684a747472294a3

SHA1
ff1c9f53019640c71f19e11f798d73a0505f6495

SHA256
9f3c35e0ec4596d6084ebe16aea435a26f2c2174b34ed7e15601f00271c1e8c8

SHA512
006ae1baf012899d0c44589119c037c3e490f5f775c624e664147c0e00b78675d98f55ff574caffb160c47f0c789c0edd7721711cd9cc736770e3ef1db8a547a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e639.TMP

Filesize
88KB

MD5
4c0e6698b1144cafde828106531e70d6

SHA1
edc6a9f1e46e44ddac7dec62de9eb4d846bd22f9

SHA256
0156351a485f3362f41f5b53af3949fbffb27eafd2198c1027bfa52f5ead3306

SHA512
c353861468028b3af39dcb41606eaea8acc3c2a51a9066cfe88c5c2b610e1cf8a5e923eb87d86df73ac0b44587a5d6472b2d1f5bdeee29dba37d4c950f8fd094

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1zsm3uwe.q40.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC67A.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC67A.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC67A.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC67A.tmp\ioSpecial.ini

Filesize
1KB

MD5
64510f31c612c8d687442dcfb151af4c

SHA1
dee24f796b2c6c4292acaf72755ceb2d6d440664

SHA256
460f5c0343be53b93f00a1a17910bbb80f13a9e97e74a4896d0958d3e4c0b1c5

SHA512
5c02d4c4d29c77ba2fb809871d0bf9e5949f186c683c3e850dc05f71daf56678449f916602f17ed9a61adaf33b4fccc4c87ff40496529441e11cf5faae4d8130

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswC67A.tmp\ioSpecial.ini

Filesize
1KB

MD5
df8af8586e46345cd7aabc54fc92fb23

SHA1
e45bee37ca51edd7cd4253bf6107925ad466ff18

SHA256
5ad682fdd0dfd4521521d7f55dec09728a1a47c6f7e9c778c8363603edde9e5c

SHA512
fc1dff9efe4cb420efef3770048234c6575639dea772e42836055fc2e005d84be8c370314a6165b004afeef58e70d097f040aadc5ad24c74c296efb5e74b3528

Download Submit
C:\Users\Admin\Downloads\Silent Down Setup.exe

Filesize
47.6MB

MD5
7294ed73f4593c1430e10d12239ec2ac

SHA1
252edf317cc93dd1ac8aec9517f4f448989eb698

SHA256
0eb45d51598d1fc520d041e3708f4e20feb3372be93550805fc423e988bd9430

SHA512
0cbc109732e86fc153307742e826a46cec760b00d189fd548851672949daa4c77296aa1c5b6d1ec31f39b8b167cc49b2cb0b7c0dec4a7f0e91dbcf18d4401dd0

Download Submit
C:\Windows\Temp\{4CB7D173-E620-41D9-82B7-4949B1CA3CE7}\.cr\FHDAFIIDAK.exe

Filesize
4.3MB

MD5
b334579811f496729c1dd567ee9bcf2c

SHA1
ab738bb4e624ff2d41079bb77c8f6cf09672e9cc

SHA256
6971218abcbd7b25abac7a4f35ad3fb27b911f35d156a4112fc3fec672e04512

SHA512
f7bbe2abf885521596dc846e546de7b3f8b23175385c49ef570544b68473ac7a9e169ac8b911f767b94046bd2c633139aee8713afa558ee55d00569bce3d786f

Download Submit
memory/764-1118-0x0000000074AD0000-0x0000000074C4B000-memory.dmp

Filesize
1.5MB

Download
memory/764-1117-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

Filesize
2.0MB

Download
memory/2268-1066-0x000001D675DB0000-0x000001D675DD2000-memory.dmp

Filesize
136KB

Download
memory/2568-1217-0x00007FF9A6680000-0x00007FF9A67F2000-memory.dmp

Filesize
1.4MB

Download
memory/2568-1192-0x00007FF9A6680000-0x00007FF9A67F2000-memory.dmp

Filesize
1.4MB

Download
memory/2568-1190-0x00007FF6C49A0000-0x00007FF6C4AFF000-memory.dmp

Filesize
1.4MB

Download
memory/4540-1107-0x0000000000400000-0x00000000006AE000-memory.dmp

Filesize
2.7MB

Download
memory/4540-1115-0x0000000074AD0000-0x0000000074C4B000-memory.dmp

Filesize
1.5MB

Download
memory/4540-1109-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

Filesize
2.0MB

Download
memory/4540-1108-0x0000000074AD0000-0x0000000074C4B000-memory.dmp

Filesize
1.5MB

Download
memory/4540-1106-0x0000000000400000-0x00000000006AE000-memory.dmp

Filesize
2.7MB

Download
memory/4588-1120-0x0000000000770000-0x00000000009AD000-memory.dmp

Filesize
2.2MB

Download
memory/4588-1121-0x00007FF9C6010000-0x00007FF9C6205000-memory.dmp

Filesize
2.0MB

Download
memory/4588-1122-0x0000000000770000-0x00000000009AD000-memory.dmp

Filesize
2.2MB

Download
memory/4588-1124-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/4588-1182-0x0000000000770000-0x00000000009AD000-memory.dmp

Filesize
2.2MB

Download
memory/4588-1205-0x0000000000770000-0x00000000009AD000-memory.dmp

Filesize
2.2MB

Download