a974f28684d62fb86112d66c02b36d0a3456ddfd7a0e3227f24e79a707bba79c

Resubmissions

10-06-2024 13:26

240610-qpxbcsxbra 8

10-06-2024 13:22

240610-qmq2kaxfll 8

10-06-2024 13:16

240610-qh9m4swhle 8

Analysis

max time kernel
300s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-06-2024 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PySilon-malware-main/resources/get_cookies.py
Size

5KB
MD5

9fbfdf3363bef58201cb58f8c47a5c90
SHA1

c932298a07c455b468bcae7b3fa4868aef5fda02
SHA256

50659c02385bd90d268e5c9cb39710d99dd84dc9637b1cf1eeb0413fb624f763
SHA512

98d62d0403377dc0a40a9d400bea0d394e972659be0d12360cc398681fc8f1ee3de7aefa7ab68c2fa17081e7261466e233d9760012f1c27b8f309ead964743ca
SSDEEP

96:kXFbaDLJC/3LPAsTyjHJ2uCE/Mz5ClOla+lfe:kVbsVMEakDCE/MFCsc4m

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
98	camo.githubusercontent.com
99	camo.githubusercontent.com
100	camo.githubusercontent.com
101	camo.githubusercontent.com
92	camo.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133624996593963146"	chrome.exe

Modifies registry class 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\謤문⠀耀\ = "py_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\.py	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\py_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\謤문⠀耀	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
3952	chrome.exe
3952	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
440	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe
Token: SeShutdownPrivilege	5080	chrome.exe
Token: SeCreatePagefilePrivilege	5080	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe
5080	chrome.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe
440	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 5088	440	OpenWith.exe	91
PID 440 wrote to memory of 5088	440	OpenWith.exe	91
PID 5080 wrote to memory of 4488	5080	chrome.exe	96
PID 5080 wrote to memory of 4488	5080	chrome.exe	96
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 2656	5080	chrome.exe	97
PID 5080 wrote to memory of 3356	5080	chrome.exe	98
PID 5080 wrote to memory of 3356	5080	chrome.exe	98
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99
PID 5080 wrote to memory of 2864	5080	chrome.exe	99

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\get_cookies.py
1⤵
- Modifies registry class
PID:2596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:440
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\PySilon-malware-main\resources\get_cookies.py
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb1e48ab58,0x7ffb1e48ab68,0x7ffb1e48ab78
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1720 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3164 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3652 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4548 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4200 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4936 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4832 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4400 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3260 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3284 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4268 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5384 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4568 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1236 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=876 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2416 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2248 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5536 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5624 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5684 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5568 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5452 --field-trial-handle=1940,i,7072017467598303916,981943435335666697,131072 /prefetch:1
  2⤵
  PID:5004

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PySilon-malware-main\PySilon.bat" "
1⤵
PID:4740

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\PySilon-malware-main\builder.py
1⤵
PID:2964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PySilon-malware-main\PySilon.bat" "
1⤵
PID:3172

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\PySilon-malware-main\builder.py
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
59KB

MD5
fac49e161e404a2a94033d91245077d8

SHA1
fcdd095a60d94e7fedb86bf29c784007b4d7e9c7

SHA256
782fae8642551618ba67e354c7335e274ffeb931ca0c02698e5cd8ca5931a349

SHA512
0a3e34ab9bc45b40f7c2b2c26896ced8869a78992e1a8fae4d0dffd7815216a0168c19661de536b6174f168f88563185ed87929c04a7d8238250960bcf562bb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
69KB

MD5
4f9d58547367f284c0fa5c840c00b329

SHA1
afdf5a998830ad8bea4d57ad8cb3882ac911b43f

SHA256
3104d7911ad5190e95f4bcc647740dcc286325ca7a57f46510cd7970aeced0cd

SHA512
7d21bdf059b4cbb5a1203c8c7333ea91118bab3b6d935f59e7e89637eb31d2a28d69033ce8501431dfbcccdb6df1f05d86cc4d99af01c68270a5577b795eb350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
327KB

MD5
f43bae76aca474b1c3c685767390f30b

SHA1
3c0529e776d3adbff6b3da32879f1f67f12ea31d

SHA256
c872f37122385d45ae96b618f1a0298387f90a3baf2e01b64f4a296a9fe230d8

SHA512
6f71a93834388b0c9f3f5ef1c8c0e94bb98122eebbfbeece1403e530f214f36a32557f62e6e862a5d29ab25bc39bdcb14505f99c82cd3355d05c87447b81f3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
133KB

MD5
f91dfab9ea71dcac2d56932ee97b4a88

SHA1
ea278ac6e3a673d0047623473051b64a7b9085b5

SHA256
f985b76e4096b86b946fe552479dd890b4510310ca11effdb58035f6f9b236cd

SHA512
7577458acd4ce0e69e73d29c8e332a9089627d1ed31c6e2fe02907bcd539cdfe37126a418a445c6722f2196177cfee4501ec1498a86a0af6cddea3914740b120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a48b3b484dbea0e376368154853eae73

SHA1
aad9ed51a6f619a921a3886d07ff2101537e0af4

SHA256
088ffef1060e8e3b73906e38bd94daf8064821d99a50a48e9787ca834b08a3a7

SHA512
e0906f6c38eb92b8e2d4b183a905b211a8b82ae2b6c96ff8b4e234b942d99927a315fd978ddad765857a34d4bded14d5a413336ff0de524a51979084a8e9440f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3ef0d86016a5a2238459bd330606cce

SHA1
58be82577c2a8a369cbe2e0f7d383a0a6a9f2f0a

SHA256
be56ef6144d4758ba12fd6b4494a701d1716e2cab75cf84281056ad10542ed8c

SHA512
c434dc263ac9231195b5e0520fbf15fa6e548ada435dd2fbc02363cd01cbe128ea657eb822c4a38b4ec160b1c7d3604de919125d7bdc75bfd2971bd54b91dd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2f75388d13c16fa795d39ac19977afda

SHA1
767ea65a1f7b1874b2c3c10c19a9a98d6bdda0b6

SHA256
31ce8d429976cc106b7c0ea64d3a2c0f0108fbfdb530df4490c8a994570d4aed

SHA512
b44cc68ae93fe83b74a12dbcce0fd5017e578b4342b96951b101457a6a97a3d6ffdedbb3573f2c5667d583d6c1e115d2d560e61057e33340e7d6993e32d0be60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1a31c1b0aa11945b1562c44ae490fd01

SHA1
c99ecce89fbfb6e04ce302ad300cb80c05a0648a

SHA256
98618c7ab12cfe4f33be1dc0d1d7366b98e354b0be1af74f37ad1d7c9df7c556

SHA512
2bb3171fc881168b8014c53846117d4caa02581d00a91847e8ea47442ca5ca112e430589e143bb50ff578b2d2b88efff378a8c93a77f61d9a788a99551dcbf67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e67e6bb0f4738d792cc273b2270d0a42

SHA1
c709a5e0c031330c8b20a51032a6c5eff00d4a14

SHA256
661238e4642115ae19a8958c7b79de4b64cc4686c2394385ea2f400fce62bb66

SHA512
6deb9c0beebc3448c995ce6ff5a27a1eff2013fbcd51b597f7dfb3e894b9274d6dfe69c9d1a9f436c7529803d1d4fe77df64ef6afc0de97f1b50ed280f217456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a195672af404f853f63b09db3a555e30

SHA1
2b4e1706131889fb7e9b6764ba2f650ee49fcafb

SHA256
e9bea191507541b711c14146a0db5e15ff4c05f6a6f72ce5cb541250ba67d186

SHA512
3855a0c9b2fa09e893f3e9682819be8a3afe6069b4992dc77c4b12f7e3a26594f7971bb986d4120352d9202f147ae5e08ec8eb6987a8170563ea7f44cb85158b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46c2652153eeac6af90052b1a256de69

SHA1
ebd03a0b48a5440cf6c761a31b813f67dc93773d

SHA256
606388ac9a9c472274dde251d5b1a342986a9eb2fc81d3ba8d32fa332305afae

SHA512
c59a0e20b8676a1fb03e7f626e44b4dbc3fdaf8f6eb64923418bec91a3c35cfc0354ca9d68618127cc75108250970fc9103b1c6764ea6e700a74b956b4ea0c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
faa61bd20b775004573b3333cad6618d

SHA1
f901690e56f2f75c6e4b06db7875e3865f03ee77

SHA256
2659111bd54b2228faa2f600ee9362d4493024467ff95a9cbc214435934b750e

SHA512
9b27e47bd0dda45239370a57bf03303594093b2797a5437a7c68c061555f8e65c1a6a049762caf0d86d3d810dc90cdca1fdf06daa464590d5d5789b43dc805a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a91811f7b0cef43371b697d8b7161ce2

SHA1
7e2a1265357bdc51ab677fffd7c253a2d3c1fe6e

SHA256
e67dc017ed07cd33188d212622e7ced6a00098bd0e40aa67b60b9ac3177792e9

SHA512
e8dffa7e5107507edffd7908ac0883b8c92405f0ce23d52631acddad242498919646b01317e5f82760afc0614ee7911c71af0303c39bbc7ffe2b9378ec1b02dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
7fb319229dea6d965639fa81c3de528f

SHA1
0aacf2fa4ba9617fd24c924f84677860b0c81a77

SHA256
56908fc27da955c9b9ee4719e6f8e3b5b4cacefd37261ab289e7a93279c20896

SHA512
5189562269f22a74baf5d98e4119ca0755ed1d9595de20b6edb0907fa195b5851fc4c2811980d79de5d2abf46d3f4291a075e1fd4326cc651f9c7a6799d473e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac90b493faf85613f3e40617b8a81aa6

SHA1
fa7d098a0112932b2bf639e057850464dd145396

SHA256
cb867662fbfe23838a95f456668911436892d3ad7d5a761b27e6ed764efbda38

SHA512
9f2d7b10a53f1e926b0877cd4a2bbbc0ccc00602ad4dfb563896ca1f32586261b3c0d08e2a260538ae8cca8ecf29d44dd97b47dfe189d7fe2b9bb54a6b2c4c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5202a76c9d2a8311468a1e6338fe8f89

SHA1
1152171ab18282a6f830bf967c418f63f683ed99

SHA256
993ce1f60ac8a5521adbba385c71efb9608bc71be759782992ecd424900d4776

SHA512
5d9d79708cea20dbd9afda6503dd349947e9e1833c3cfeaf179a19dba2acdc3b1fcce12bb582dcb45996df47a8cfc243f14d3123be5af39acc61cd6a60de01ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
80b39fbf5a1ad52f2fd4dd4ee1b05db5

SHA1
535ee140aee166fc745eafa6482bdf7a8e9403f4

SHA256
4029d1e6f0d629364a52dd162190d0103d5a0a395617e86dfb0433b611c2899b

SHA512
0d75528f123bec0e5baa4940e3977467f7271a938c77be59805caf2c65f353ee9c4291fd173da70e5ec5793d564c352e712349b9877150c0c2c2b8c3424ef682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f82a07dcfc03ab36658dc51f02b03f3

SHA1
666cbd00bc83e3d3bc9a72fbd748d5fedca1562f

SHA256
616a7c36ade6f75766cef95be35eec1db3a08dd29f4608fb55db56de78abde01

SHA512
9affed79300022ffa6eb3d8f76a61b64fa1498c3167cf1259f2b443f70fdc18f594ef2bb388622798dcdc12d9d6cac0be4dcf29ec6ab46d5395cf5a1c379abae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
2ef0a59df77d83bd0bda6624e00c2e6c

SHA1
c3dd880acc08c5b53aec907d1c78fa8aef5ca1fa

SHA256
f492cd7ceb44636011ae98408bf128b515dcdd7078fd146e95c370d0c1acf081

SHA512
a7207df423de4503b59573bf6301c719c05564d53f7c43182c572b0365b75eed2bf45b8cf8fa52813ccb8ff2d00eecf50e316c3e2400364459c545ccd5ee60b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9abc2306a8de744d25f092b16f7c3c2b

SHA1
7042cbfe4eaf7d069fe57bdb0f6da909b5972f6c

SHA256
7e6d04d215572b2386cb618a179d3337d7d5d9918682415e1ef912a26efad52f

SHA512
cfc55e13daef4c8fd99f83668a4c12ece23cfcce64714fc74f82b48b470c80b69e81028443d4547b1f62e8fce99e77175b54ccf1ae68c56ef69791f20c8a6a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4e87954f6c7805b1ec13b72c9e9aae22

SHA1
3a8fee671dbad377e8c95d3da038fe768eef081f

SHA256
1de0e94e036e751e55c1a3a6760a27f608ae0d916d6b9660c9ea2d9f4da5017d

SHA512
38383213dae1fd4722eb5d1967cdae438f4950617bb585d197439887f4c3d4970c3d09c3bb65f03dd3cee1c439789539572836f1141af873357ffe2b3950775b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
586e5c2c0873fc13c4d4eaa579330649

SHA1
924f5c968db46902d812107231282d0078097a59

SHA256
317cad76be4af3b1cb1b9b89fcd7af7972c9cdb8c47097de0f9ad89f8b05e9c6

SHA512
32ae9476b5214d6af3854c40a5c0b03da27b1499dffed47eb7fc64c89a81d94703ecd54b4696bb982a63fb3f6a5ae2f48a57f2822a81d778f81d3e0a6ce12552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ab3cde0114d1c84f54be9d782a492685

SHA1
a013eeee60d274b0cfcb38c46553d2491828624b

SHA256
b7184aec9f769db93c81bb701fa9c37746a151dc9b54577cc07ff0a8c61a0e71

SHA512
c271e0a426545112c44f96781703689134e006abe6c5e60205b868a5b6284b65808991c5c025dbc6648440f14aa405d9bff1e91a9c5e9d3730f125ec0d6179c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0459b820ffa7d9c3862920b3e47fb81d

SHA1
a8ae9df9a2e650fa719e7054918b01362dc69658

SHA256
9d6f08b69958258a44d5197bdc5c860ca5bca37db6ab8dd9f303d3a893bd06f7

SHA512
2cb59686df200c9c49bfeb3d593009f1d4411844c0c77ca84c45e6f44798abe885c07a3d92371bddcf22888c11b33a0b0220fe03be4d251dcc0c9e760ad57667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
631b9f4be02cc7e6df52d4193a725b99

SHA1
978842f29c2e2cd563a52c1ca229c9ef715983ac

SHA256
308f452d2e5a06e6e815da2c44f51f8c46b427444576a037c8ec21e64d65eaba

SHA512
7223ad3e59a6f15b114244b1defb8aea50b004b53a690bb4012089eb118c03f0c14eef9984016a526ccf91ec5a07ac016e2e272b87b1b56d37461279aaf96667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d8b88c7545a96c7f171881ab2cf8201c

SHA1
49b22187c4e087782084d132d2668e4b259bb919

SHA256
6ba3960fa8bd53e4c438a8ecbd1c48975f38677f82657c4c915f382ca0cb7546

SHA512
b89d3148317d930b76c0cadded23cfb8da9b2984f6862986e323d81f89b491c5614f43fe70524bf71b451c8a300b479b6a3d0f0a49ed021b3411274a7eaae937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
1492ff9c6e06c4133d5db4020126865e

SHA1
6ae1a1e936ed34dda41675f38e2c21ad036ec6fb

SHA256
852ee5b4be2e78bb4e2d02ba45d34a3eb7f01067e2abfc334f95e05e2c8e1415

SHA512
35e36226e746a5b7f95f0cf64b82968e63b6ee999c5649cc37625b15c9d6969e77ffe855b7b4ecf11f9529a4e40442f24927e33d8ebfb5647f26162bd9b57984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
83be9268274a411f76788472a821db4e

SHA1
53d93f8e9d3682332600a5587b199f3c9c7eaba5

SHA256
ceb2e7e5fba51345ec6d2f1fa84fcb8051a7055ec2c701a09fccf16292324b2a

SHA512
57e1699a1845170d8365c845889e3136ea455701f3065ee84233dc57804edcc51e2733bbbff3187e9003375f8e91cedc49b470fe01890dc1db3c8385cb9562c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b41f7.TMP

Filesize
120B

MD5
3bc566b01db1c1c960b5725dbe4de89f

SHA1
958da3e54129c86c2a5e7febe15da122f9047163

SHA256
39b19f7059670ed28944392066862ce23275cb063d0952ee38231a91611578f0

SHA512
43478d7000f8e55a4e7f3bc461b619dd30d5b6d96b6b6ff6b36065937f25f74a2f5ab63d64c8f729d5783d7ba7666ac6cc366642441bef43ce8cbbd24f69ce63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
d1a3755205c91ecbb84d852ca27cac2e

SHA1
7123a9505225d782fddc5b80acb4cc9befc23d6e

SHA256
ad2e72b79b5cbebd5868ae3bc1c794582e77f3ff5e11dd2ae3dad10b3b0418df

SHA512
b364b10035783c5f82efdf298872ab6c6abe0f2c1b441548a0350dff9295d060ef516b229ba77f949aed34cf21e3ed280558f4c79de194034a9769303a8c31ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
ceabe9f60183b02157410f7dd563b0dc

SHA1
7cf7764ea856abb37fed5bcd14a5eb355b01ad90

SHA256
469108d5cd714984a9b9fb13133b74bd9da1c940c7599796179c9958fd58574e

SHA512
1196c21e400c09d48cbd6bc2a2c9346050ad896c6d171d549c890b64fb57e27ea9218d0f92f48700de23b17f89e1d7b8b2cb722c2f5e670d4d492c8cab516de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
1bfa1e52f9e27490cfc127829ca29d99

SHA1
380532a193c1a730b8195a7e0c2a3619a794e751

SHA256
0880708dc190bebd24fa46249fa10e7a434e098b02c043d7761b6aea0924ec12

SHA512
946cd17a5d0b0b8485183484e554a86aca4d130987ff6c08844ff8e9d43027416bcfec8f20371a57507e5a4205b58953e39d883e2d2bb008c268e89eb100f217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5922d0.TMP

Filesize
88KB

MD5
13c541e029d62895128597c905bf5fb0

SHA1
b9df85ff267032acef4ff1520128158e94b29584

SHA256
6ce7cfacd983305c8f8911baa911b3e736a530eb2edb8f49f99a3f5feb1015e5

SHA512
2f2121a03a5492940d65f8ecd7e625be4da3bef9538bf035b48caa7ddcbc43ee9c43fe746f4b9c610f7055a0e795e5ce71cc457b004e13d6d70ce2adeef26863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d0214e0a-f727-4211-8586-23b926753013.tmp

Filesize
263KB

MD5
b7518433b093d172a6e5907c1774d92f

SHA1
7b5b906b61a2b8641718fb17e472ca566cc6bfb5

SHA256
2c9375d9015a55b67c19979fc4ee585dbcb9b522afa9dd0d9ad51360f78f381e

SHA512
064e8010a1a6dac0414a053096aa184e7b18868345d7f6ee8df8ded512029df63f4e6efdbe7c467d4f75ef9c8f18525913d846f178b79c74bda1c2e775f814b5

Download Submit
C:\Users\Admin\Downloads\PySilon-malware-main.zip.crdownload

Filesize
2.0MB

MD5
17fbe239d1caeb687bf4d5ea7652d6f9

SHA1
94e3b25041c59a0785f64e072d96d0830e1a042f

SHA256
a974f28684d62fb86112d66c02b36d0a3456ddfd7a0e3227f24e79a707bba79c

SHA512
b4fa75c69b8b8fae53f52d8777c1c7f62878da78f032c8aa6ca51c3b6db2b1ae48245b543e024260c8df402412c88c567c021dc788d323cc14b4b6c5243543d5

Download Submit