a974f28684d62fb86112d66c02b36d0a3456ddfd7a0e3227f24e79a707bba79c

Resubmissions

10/06/2024, 13:26

240610-qpxbcsxbra 8

10/06/2024, 13:22

240610-qmq2kaxfll 8

10/06/2024, 13:16

240610-qh9m4swhle 8

Analysis

max time kernel
191s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PySilon-malware-main/resources/get_cookies.py
Size

5KB
MD5

9fbfdf3363bef58201cb58f8c47a5c90
SHA1

c932298a07c455b468bcae7b3fa4868aef5fda02
SHA256

50659c02385bd90d268e5c9cb39710d99dd84dc9637b1cf1eeb0413fb624f763
SHA512

98d62d0403377dc0a40a9d400bea0d394e972659be0d12360cc398681fc8f1ee3de7aefa7ab68c2fa17081e7261466e233d9760012f1c27b8f309ead964743ca
SSDEEP

96:kXFbaDLJC/3LPAsTyjHJ2uCE/Mz5ClOla+lfe:kVbsVMEakDCE/MFCsc4m

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
96	camo.githubusercontent.com
102	camo.githubusercontent.com
103	camo.githubusercontent.com
104	camo.githubusercontent.com
105	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624994514265224"	chrome.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\.py	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\皙訬က谀耋	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\皙訬က谀耋\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
3592	chrome.exe
3592	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
440	OpenWith.exe
1424	OpenWith.exe
3960	OpenWith.exe
1140	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe
Token: SeShutdownPrivilege	5060	chrome.exe
Token: SeCreatePagefilePrivilege	5060	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe
5060	chrome.exe

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
440	OpenWith.exe
1424	OpenWith.exe
3960	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
1140	OpenWith.exe
2828	AcroRd32.exe
2828	AcroRd32.exe
2828	AcroRd32.exe
2828	AcroRd32.exe
5088	AcroRd32.exe
5088	AcroRd32.exe
5088	AcroRd32.exe
5088	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 3172	5060	chrome.exe	92
PID 5060 wrote to memory of 3172	5060	chrome.exe	92
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 2228	5060	chrome.exe	93
PID 5060 wrote to memory of 4068	5060	chrome.exe	94
PID 5060 wrote to memory of 4068	5060	chrome.exe	94
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95
PID 5060 wrote to memory of 1556	5060	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\get_cookies.py
1⤵
- Modifies registry class
PID:1876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd843fab58,0x7ffd843fab68,0x7ffd843fab78
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4704 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5360 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5588 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4276 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5656 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2268 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5752 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3228 --field-trial-handle=2076,i,17765175630039310157,16823908774144378555,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3592

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3960

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1140
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\PySilon-malware-main\PySilon-malware-main\builder.py"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2828
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:4524
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1B8AF59CB8DFFDAEB05702CE1608FE80 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3168
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2C8C92870F1CB079E0F80AE4F49E6E35 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2C8C92870F1CB079E0F80AE4F49E6E35 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:684
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F049856FBE82CC1C27316AE4AEFD7B2C --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4140
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1DD2713E3F0B17529DC1AAAA5DE62581 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:224
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D763539E4F0237D9011E6179AE29FA7F --mojo-platform-channel-handle=2528 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\PySilon-malware-main\PySilon-malware-main\builder.py"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2252
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E4F69D2540290FF36AB431E8DB6ED62F --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=84FBBE027F054199622B826EEE81A47B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=84FBBE027F054199622B826EEE81A47B --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3816
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F3CD392B3B792AD06DE08D0ED5A9AB37 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7E06FC1B625921871836F1C059967BB9 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1960
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EE3AA5688B68D278343CFA68E4CEEE4B --mojo-platform-channel-handle=1908 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
42defad9b3a2ef176d9c7eb2c7168eca

SHA1
fd86caac8845a13ea7f225430785bf75a08a7f3a

SHA256
20605180233a606afbaeade9ae1daa99edede41b0277be318f09973f90d3519b

SHA512
afd272b427df34ae0423d0223c41c1d51bbe15c1948e07899754cc9fdd8d68bb34d3d3d3a34d81ece72f3695f447760fe184a6d1f6b5104aaec2805fa9f1255c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
8cb87730ab6e5970dbebd0278995ebee

SHA1
50e8494468b62198f6b8069a4fe9dc13b57c814d

SHA256
1c05020c67f20be01c32e84f6d14e0bfdfc659da7c0d69168d29b2f2ef300f5d

SHA512
c663a7b13267f60e3076574c1ef9ced1501cda527e69a129a5d24b0d86f15ecfbb91672c72d4d9199e51736a8606c5336bb5c49556df0b0d75beedaf2db32318

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
cee0441dae53571e64cb491dc9571008

SHA1
29a3e3b881a2bfdc85358450af45044a96a7d3af

SHA256
7cfdd8967e3f504dd76166c850b9644d0409ef8fb42d3163da44643e18cb9cec

SHA512
090d3e07b4871edc0cc2c30b5ee30c33582499319ae52bf704378068e177d64f49228f2c18343bf198d4abeb62205ea38002f535331bb301618682c098214165

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
166KB

MD5
39d6b73e0659b8de5bc54b26f5a426cb

SHA1
754d7a09e61df9326e5004fd6862d519dbfb4a17

SHA256
0bfccffadac6bc2836549ab1456e86ba8d23b75f34e703410d484e63a25042e7

SHA512
be24c803e414f4fea2195a2afdb2ead773c3fdfcdcdd1406fc08c5c5a99e0f717b3d1042b13881c4397c9efb6d189131b9ebe70f23242ff4f1c5f6a8a96e298b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
67c4cca85ab51bb19e7a4372529ad0ea

SHA1
016aa374a7ca4b722b8257b82ed3fbe630ae5db8

SHA256
61669ca9e68229c5e34fac29610aff2378dda9674345966c4798d5529905b002

SHA512
8fb380c3a6b0f7848091bee14678f957a50b5403ac23261a154ac8ee0d2182b7832b13abc37411d31e8cbef62ef4c6e1ca9efafbfffaf60e9e148b51dd7261f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9a86ff424c955963a1896ec1d3a49c99

SHA1
a67e80c8f8441a92d799c8eb5bfe0cb8c8d60b47

SHA256
6f3b4617f30cb08d234ddbf9581313b05b2ec74f374af32bba551f98c233b7f3

SHA512
8d38737fe2d803e49e6088a69fdbca2b80c9317023f8726083ca1419878737246fb873ae58074c26c5c792e1f4f13646d8ef050fb2c6d8cdbf9a6247b5f8c4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
35e4ef64cd38d991533f25f4d1d5d40e

SHA1
1904788cf77de1a7e0700b22a13275a2be3038db

SHA256
a0a8bd76cb4e1ed1d91d5fd8fea2d75ea6b4b5b4e30afef5afaa6fd05a079043

SHA512
d608ef854013fbbbed7419cf25921a32011138dbd8926850f5e779574dba4efe003cb8e4d56f60604579efc477cef023622ee4e493f9ac324b1dea2b62ce6098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f4ab61c83b01d6fd3d232f49b7e9cc1

SHA1
7934a96ac1d87e6535657448a2973dffc9b53eeb

SHA256
b682b02d1a4834e849541d60983415af340d7a2d651fd61297e08202b522e7f3

SHA512
ca3ae5d15f818e95644d33b66f0952aa1b9bcfcfa20b601b2fbf16a75f810bd8b63052857f3de80a5a05d9266748b487eaf38ae65e7305889a6bf4387869cc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46434957c947a7fee2b9ca2f0f0de077

SHA1
f940ffc32adbafdefedd755f187bc73a93b1ddd7

SHA256
847283b2bf776bb969458d3c03a32623a84f1559fb8c8a785609ff6a023ab1b0

SHA512
a295d257a54ef39fa75371b2f26a6bea70beb687001035846ed1a6392decb5a255674989e93f4d81f983fcaaf22f2a7f1898b4f253a096f85139cb2275f04710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
ff29176724da43e8fbe476ec6207fca4

SHA1
66ec16ab4cb8b2712ba9635a02acc2ae3607bced

SHA256
68eff6a6b7d51ee42a82d9fb8147bcd579c0caecbf26fd846ce3a068b5b8ab12

SHA512
a8c8a26c771c69d8a0c033ec5d53049fdb07fea830ef5152475bf7aea2bebd31a6adc8c3a64e408c6afb3d87d19555915a3708c6e6c2eb8c57b8225bb950ba59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a9437ce0487f5fc574dfa88c44aa6080

SHA1
856900084fee194cd8abf119d873ed034ec28481

SHA256
82aa9174888a57bd4d85140cd4daf6af17b58cd55df60c60f4b275174286c7fc

SHA512
0b1d4172be2f8b9d84ee24188f67cc7ae4c4dc72a75b3c851dc555496000c65eb123b8232e1119af2b169f320c6f4d6b7a12c800a99b28e4810dcf4e66930e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
be319d4ace3c6598fdf63c038466cc5c

SHA1
d0ce8719c449e40803056827c6c45c49f3ca1728

SHA256
90fee22de4129f99e0018ced04dbc49b799bd877e20756b1288fd411af9988a9

SHA512
2e3ac96df51a521fe0680e939317dda55e9163447d2afd6735bbcc68d510d301ce14be66ebc474c628b1ab764a0e243be66fec89a13a4f34cd114235caf2e454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a299a499dd827c22f475dc96e294704b

SHA1
174966ac2e9665fe3a75b58ebc1abefcf7beedb1

SHA256
bfeb0d12c5a16fba7d31645ff164bdc9e4b5744c2662ad7f5e5273bafdc00f63

SHA512
33966af43f260cad1940753e946a00a9ddd53bf83bf7b9eccc970d80bb55b7d251d55e2c31951849db54e79d4e3d105057cc69699411cb6470e71f9e1d10ad6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f608b2c1e97805514a122db750f6d812

SHA1
eff41ee9c45ca004095eea7f19078fa11946e967

SHA256
659d1d927eeb4021605f92da7ce8f10634cce0afdc5827aefdcaf491c06f0b9d

SHA512
4bcc4b59c168bf20b04664f5bb70db2fb486ca2180957587c38f3a9ad247fd94d818e8a6fb38cc5afa8676f918c65f6965c47a6e15ff724eb5c8502f2bfcbd23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
37640719279366602df2c3e081a48358

SHA1
a754492118aec4b0e5f1349b8ad71a29463e2933

SHA256
15c1794af2b131cc46d2284e8ea6ef98720c193d1a96a44ba71d415688a8c283

SHA512
4be2858cb9a794b3a5f89cfd17ad3ff40f95769327a791233171c18d732a9246b38e483b36602e8568fd2a8bf13b55c0543f61214301de498be5b6c7d9d80c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9cae2308780ba5840abbafe51af00c70

SHA1
94c15ee56a1a09f750b5834e2f5fbd9d0b9f9985

SHA256
f6be4f29b82e355449a493455ba4fc6345ffced32b05cfa3593cc9e6eb47bab7

SHA512
f741517f1ed516e469f6c42f516e54cd93262cb3274cb67917960e57d3eaa45a28676712a0d03c9c0da7438c3dc708b4d3a3b3e9ebf183eba4c03561a98755e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
8f57a7fc51725a8e8611228b6d77fff5

SHA1
7d42b679d2c356b190ddc73126b13940b21ab24a

SHA256
186885bd535a7bb0ea30997375a6f4de8f40a60c513b402ed6d4babab5617bb6

SHA512
94e9e97db82de523c24c09e750e32b34fce6c7f63d6790dde52d7525567dffc83adefb158863caa62c7fcea25dff56ad684c36e40428284af96aaf2ed163718b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
b799f64cfebc8cd77db3ab938cc2cbb0

SHA1
9f10bdb155d0401e67a4074b988cc43be5ce35c2

SHA256
0d875bc9006d282037bada30f273a3920f2b2c0787bbf32cc03ec69378295364

SHA512
87ef2a49163587f0f98af2da994b9b86d299c7a55c5db3a423c13a45139a0ab7874ea9fcac0aa76faf967d3ab0a72b26760ed583a6799cfa0a66b4eef61b3642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
8204f1db4a232256317cd3cc59cd6cd3

SHA1
b5fc1831a212aa494f8fbbe3b0c90c05b6a3edd7

SHA256
20e861392bec0137424b0b996325232c10b8c4649cf371cb4aa0ced622d2860d

SHA512
56c2fd46f5967cb206c4e7cfad19cad41aa180a62781800d5acbd4943c52b65716bddbecdef409c12ba605c64502d7c17c9e9053a0734cd45d34dc6613ebec07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fad6.TMP

Filesize
89KB

MD5
3bfda17257674176c58b7238ca40799c

SHA1
cd860dbd9a0293522a6c4cdbf68f0145ccea0ad9

SHA256
eb3270a10c5c00437d1f0a8214d242ce6a02d1ede1f151e912f76c435aabc5b7

SHA512
ac36f57ff4f14aa2a332734c5bfd3ce3bee558a718a8dc40ba81805c138382afc43e4af6f03437314793d37519487949c508b28c42c8abaaf5838e516c3c70c9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
b4270013dad537771807592001ccd036

SHA1
557abf019fa0f6fe7139fe9216d7aa9c487a5e07

SHA256
c7ee18255ea6c3c5a7e349fb3814e338f538bdd0c184a7e02d4c61893264c1b5

SHA512
ded15fc1e6f10e152b5ab57ea1bdca71dc091a926da9e7c0585ab771e7cc0ea3ed41901a925b64dbc68e99b11324f4f7f35d4c47592d7c6c7c9c03519bd0c3b4

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
7c5aec58211bbe5a9a7c7a31471c870b

SHA1
d8d2ec5c51cf63bddf6b8af3e30a04673c12796c

SHA256
58c67d5a7ad6a85c6b8269f784a6c549efc3ea927140b0c43e36f6829aef35cf

SHA512
757bb4df3b957fe372dc09cb09735988badfa927c7b3c6a575300c4ff2e2b33268813e5716177b055240838036ebf2532ca10185936decac1adf06e4ca081825

Download Submit
C:\Users\Admin\Downloads\PySilon-malware-main.zip.crdownload

Filesize
2.0MB

MD5
17fbe239d1caeb687bf4d5ea7652d6f9

SHA1
94e3b25041c59a0785f64e072d96d0830e1a042f

SHA256
a974f28684d62fb86112d66c02b36d0a3456ddfd7a0e3227f24e79a707bba79c

SHA512
b4fa75c69b8b8fae53f52d8777c1c7f62878da78f032c8aa6ca51c3b6db2b1ae48245b543e024260c8df402412c88c567c021dc788d323cc14b4b6c5243543d5

Download Submit