Malware Analysis Report

2024-11-15 07:41

Sample ID 240802-ls6lzsvblj
Target Sloro.exe
SHA256 8e90b5cc12b5336f1aec86520c5866704e52cbeabcfdcc752b9fe259605c2772
Tags discovery pyinstaller pysilon upx evasion execution persistence
Score 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral9, behavioral10, behavioral1, behavioral4, behavioral6, behavioral7, behavioral8, behavioral11, behavioral12, behavioral2, behavioral3, behavioral5, each with Detonation Overview, Command Line, Signatures, Processes, Network, Files

Analysis Overview

Score 10/10

SHA256 8e90b5cc12b5336f1aec86520c5866704e52cbeabcfdcc752b9fe259605c2772

Threat Level: Known bad

The file Sloro.exe was found to be: Known bad.

Malicious Activity Summary

discovery pyinstaller pysilon upx evasion execution persistence

Detect Pysilon

Pysilon family

Enumerates VirtualBox DLL files

Sets file to hidden

Command and Scripting Interpreter: PowerShell

Loads dropped DLL

UPX packed file

Executes dropped EXE

Adds Run key to start application

Drops file in System32 directory

Unsigned PE

Browser Information Discovery

Detects Pyinstaller

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Views/modifies file attributes
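The summary above tags the sample as a PyInstaller onefile build, and the detonations below drop and try to run passwords_grabber.pyc, one of the bundled scripts. The static signature only confirms that the PyInstaller cookie is present; to triage a PySilon-style stealer you also want the list of bundled scripts and the entry-point code object. The Python below is an added example, not code from this report or from PySilon: it locates the PyInstaller 2.1+ cookie, walks the CArchive table of contents and extracts an entry. The archive it parses is constructed in-script (a fake PE stub followed by a three-entry archive; the names python311.dll, PYZ-00.pyz and passwords_grabber are assumptions, the last borrowed from the dropped-file path on this page), so it runs offline; pass the bytes of a real Sloro.exe to parse_archive to get the real TOC. The cookie lives in the PE overlay, which UPX copies through untouched, so the check still works on the UPX-packed bootloader this report flags.

```python
"""Parse the PyInstaller onefile archive appended to a PE as an overlay.

Added example (not from the sandbox report or the PySilon project). It does
what the report's "Detects Pyinstaller" signature does (find the cookie) and
then lists the bundled TOC so the entry-point script can be pulled out for
decompilation. The sample archive is constructed below; its names are assumed.
"""
import struct
import zlib

# Cookie that PyInstaller >= 2.1 writes at the very end of the CArchive. UPX
# preserves PE overlays, so it survives UPX packing of the bootloader.
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FMT = "!8sIIii64s"        # magic, package length, TOC offset, TOC length, python version, pylib name
COOKIE_LEN = struct.calcsize(COOKIE_FMT)      # 88 bytes
TOC_HDR_FMT = "!iIIIBc"          # entry length, data offset, compressed len, uncompressed len, zlib flag, type code
TOC_HDR_LEN = struct.calcsize(TOC_HDR_FMT)    # 18 bytes
TYPE_NAMES = {"s": "entry-point script", "m": "module", "M": "package", "z": "PYZ archive",
              "Z": "PYZ archive", "b": "binary", "x": "data", "o": "runtime option"}


def parse_archive(data: bytes):
    """Return cookie fields and TOC entries, or None if no PyInstaller cookie is present."""
    idx = data.rfind(PYINST_MAGIC)
    if idx < 0 or idx + COOKIE_LEN > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyver, pylib = struct.unpack(COOKIE_FMT, data[idx:idx + COOKIE_LEN])
    # pkg_len counts the cookie itself, so the archive starts pkg_len bytes before the cookie's end.
    archive_start = idx + COOKIE_LEN - pkg_len
    toc = data[archive_start + toc_off: archive_start + toc_off + toc_len]
    entries = []
    off = 0
    while off + TOC_HDR_LEN <= len(toc):
        entry_len, pos, clen, ulen, cflag, tcode = struct.unpack(TOC_HDR_FMT, toc[off:off + TOC_HDR_LEN])
        if entry_len < TOC_HDR_LEN:
            break  # corrupt TOC: stop instead of looping forever
        name = toc[off + TOC_HDR_LEN: off + entry_len].rstrip(b"\x00").decode("utf-8", "replace")
        entries.append({"name": name, "type": tcode.decode("latin-1"), "pos": pos,
                        "compressed_len": clen, "uncompressed_len": ulen, "compressed": cflag == 1})
        off += entry_len
    # pyver is e.g. 311 for 3.11; very old builds stored two digits (e.g. 27).
    version = f"{pyver // 100}.{pyver % 100}" if pyver >= 100 else f"{pyver // 10}.{pyver % 10}"
    return {"archive_start": archive_start, "python_version": version,
            "pylib": pylib.rstrip(b"\x00").decode("ascii", "replace"), "entries": entries}


def extract_entry(data: bytes, info: dict, entry: dict) -> bytes:
    """Return the raw (decompressed) bytes of one TOC entry."""
    start = info["archive_start"] + entry["pos"]
    blob = data[start:start + entry["compressed_len"]]
    return zlib.decompress(blob) if entry["compressed"] else blob


def entry_point_scripts(info: dict):
    """Names of the 's' entries: the scripts the bootloader executes, i.e. the stealer's own code."""
    return [e["name"] for e in info["entries"] if e["type"] == "s"]


def build_sample_archive() -> bytes:
    """Constructed stand-in for a onefile binary: a fake PE stub followed by a PyInstaller CArchive."""
    payloads = [  # (name, type code, uncompressed content); contents are placeholder bytes
        ("python311.dll", b"b", b"MZ placeholder for the bundled python311.dll"),
        ("PYZ-00.pyz", b"z", b"PYZ\x00 placeholder for the module archive"),
        ("passwords_grabber", b"s", b"placeholder marshalled code object"),
    ]
    body, toc = b"", b""
    for name, tcode, raw in payloads:
        comp = zlib.compress(raw)
        name_b = name.encode("utf-8") + b"\x00"
        name_b += b"\x00" * ((-(TOC_HDR_LEN + len(name_b))) % 16)  # PyInstaller pads TOC entries to 16 bytes
        toc += struct.pack(TOC_HDR_FMT, TOC_HDR_LEN + len(name_b), len(body), len(comp), len(raw), 1, tcode) + name_b
        body += comp
    pkg_len = len(body) + len(toc) + COOKIE_LEN
    cookie = struct.pack(COOKIE_FMT, PYINST_MAGIC, pkg_len, len(body), len(toc), 311, b"python311.dll")
    return b"MZ" + b"\x00" * 510 + body + toc + cookie


if __name__ == "__main__":
    sample = build_sample_archive()
    info = parse_archive(sample)
    print(f"PyInstaller archive, Python {info['python_version']}, {info['pylib']}")
    for e in info["entries"]:
        print(f"  {e['type']} {TYPE_NAMES.get(e['type'], '?'):18} {e['name']}  ({e['uncompressed_len']} bytes)")
    print("entry points:", entry_point_scripts(info))
```

An 's' entry is a marshalled code object without a pyc header; to decompile it, prepend a pyc header matching the Python version the cookie reports (3.11 in the constructed sample) before handing it to a decompiler or disassembler, which is the step pyinstxtractor automates. Names such as passwords_grabber in the TOC are the quickest tell of what the build contains.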

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-02 09:48

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:23

Platform

win7-20240704-en

Max time kernel

1556s

Max time network

1560s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.pyc\ = "pyc_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\.pyc C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000_CLASSES\pyc_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc"

This chain is the Windows Open With dialog, not the sample executing: no handler is registered for .pyc on the Windows 7 image, so cmd hands the file to shell32's OpenAs_RunDLL, which records Adobe Reader as the handler (the pyc_auto_file registry writes listed under Signatures) and launches it. The rundll32.exe and AcroRd32.exe events in this run therefore come from the file-association prompt and Reader itself; the dropped passwords_grabber.pyc was never interpreted here.

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 6b68f01111c6effca5d9bdd49a21e16a
SHA1 4c63a612b8019ae655c3ad0e0b0a1e00794ab726
SHA256 71dc13cce8a996a57f44b24e271a436d5401151f8b4e21feba194d9d4d4c6397
SHA512 1f037f254892579504fbc5cea6eaba0e88b40c17a1174b9a835b729d400fafe37c128b608f37f70a99854540fb43e6e65c8a877433fb511d455bfe709df652ee

Analysis: behavioral10

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win10v2004-20240730-en

Max time kernel

1764s

Max time network

1155s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721909339-1374969515-2476821579-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721909339-1374969515-2476821579-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\passwords_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

OpenWith.exe is the Windows 10 Open With dialog. As in behavioral9, the .pyc has no registered handler on the image, so this run exercises only the file-association prompt and records nothing of the sample's own code.

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:23

Platform

win7-20240704-en

Max time kernel

303s

Max time network

1683s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (64 identical events)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (50 identical events)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (48 identical events)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2452 wrote to memory of 908 N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe C:\Users\Admin\AppData\Local\Temp\Sloro.exe (3 events)
PID 1720 wrote to memory of 2280 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 events)
PID 1720 wrote to memory of 1212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (39 events)
PID 1720 wrote to memory of 916 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 events)
PID 1720 wrote to memory of 2088 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (16 events)

Processes

C:\Users\Admin\AppData\Local\Temp\Sloro.exe

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

C:\Users\Admin\AppData\Local\Temp\Sloro.exe

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

Both Sloro.exe entries share one command line: the first is the PyInstaller onefile bootloader, the second the child it spawns to run the bundled Python code once it has unpacked the archive to a temporary directory. The three "wrote to memory" events from PID 2452 to 908 follow the same pattern the Chrome browser process shows toward each of its own children in this run, i.e. ordinary child-process creation rather than injection into a foreign process.

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefadd9758,0x7fefadd9768,0x7fefadd9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1512 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1440 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1324,i,15931433241481620961,16950621868500358832,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.104:443 www.google.com udp
NL 142.250.27.104:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
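Every destination in the table above is either the sandbox resolver (8.8.8.8:53), mDNS (224.0.0.251:5353), or Google infrastructure that Chrome 106 contacts on its own (www.google.com, beacons.gcp.gvt2.com, and the clients2.google.com crash-report URL on the crashpad command line); the later .pyc runs add g.bing.com and a string of in-addr.arpa reverse lookups, which is Windows background traffic. None of these rows is sample C2. The filter below is an added triage example, not part of the report or of the PySilon tooling: it parses the report's Country/Destination/Domain/Proto rows, drops the noise classes, and leaves only rows an analyst should look at. The platform-domain allowlist and the local-network list are assumptions built from the tables on this page, and the 203.0.113.10 / panel.example row is a constructed documentation address added so the filter has something to return.

```python
import ipaddress

# Destinations this detonation image (Windows 10 + Chrome 106) contacts on its
# own. Constructed allowlist from the tables on this page; tune it per image.
PLATFORM_DOMAINS = {
    "www.google.com", "clients2.google.com", "beacons.gcp.gvt2.com", "g.bing.com",
}
RESOLVER = ("8.8.8.8", 53)
# Explicit local/special ranges (ipaddress.is_private would also swallow the
# TEST-NET documentation ranges, which we want to keep visible).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4",
)]


def parse_network_table(text: str):
    """Parse the report's 'Country Destination Domain Proto' rows into dicts."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":  # blank or header row
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:                   # no domain, e.g. the mDNS row
            country, dest, proto = parts
            domain = None
        else:
            continue
        ip, port = dest.rsplit(":", 1)
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row):
    """Label one row; only 'review' rows deserve an analyst's time."""
    addr = ipaddress.ip_address(row["ip"])
    domain = (row["domain"] or "").lower()
    if domain.endswith((".in-addr.arpa", ".ip6.arpa")):
        return "ptr-noise"        # reverse lookups the OS performs on its own
    if any(addr in net for net in LOCAL_NETS):
        return "local-noise"      # mDNS, LLMNR, loopback, RFC1918
    if (row["ip"], row["port"]) == RESOLVER:
        # A DNS query is evidence in itself: unknown names go to review.
        return "platform-noise" if domain in PLATFORM_DOMAINS else "review"
    if domain in PLATFORM_DOMAINS:
        return "platform-noise"
    return "review"


def review_queue(text: str):
    """Rows that survive the noise filter, deduplicated by (ip, port, domain)."""
    seen, queue = set(), []
    for row in parse_network_table(text):
        if classify(row) != "review":
            continue
        key = (row["ip"], row["port"], row["domain"])
        if key not in seen:
            seen.add(key)
            queue.append(row)
    return queue


# The table from the run above plus one PTR row from a later run; then one
# constructed row (203.0.113.10 is a documentation address, not an observed
# destination) so the filter has a hit to show.
SAMPLE_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.104:443 www.google.com udp
NL 142.250.27.104:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
"""
CONSTRUCTED_HIT = "XX 203.0.113.10:443 panel.example tcp\n"

if __name__ == "__main__":
    print("review:", review_queue(SAMPLE_TABLE))                    # []
    print("review:", review_queue(SAMPLE_TABLE + CONSTRUCTED_HIT))  # the constructed row
```

Run against the tables in this report the queue is empty for every detonation, which is the point: these runs show no sample-originated network activity, so the report's score rests on the host-side signatures, not on observed C2.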

Files

C:\Users\Admin\AppData\Local\Temp\_MEI24522\wheel-0.43.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI24522\python312.dll

MD5 506c760a20e6bb940590229d41449ffa
SHA1 b7c439f253987fb0ff66fc5ce959cf711b18eb8d
SHA256 e63503b2715df3eab8abb9b2682129e27a7add9acea9008f06f55494a2b2f3d5
SHA512 34df2e8e53caac0cd72cb3c5848296ca8cfa10c542c0a5f88385d6b35ab70b86957540de2ff105a27cefb37ccbb5789261a69132b535a857df32875c1f9deb9e

memory/908-1275-0x000007FEF5BE0000-0x000007FEF62A4000-memory.dmp

\??\pipe\crashpad_1720_FHGKLGEGHWDAOZLR (Chrome crashpad named pipe; the hashes below are those of zero-length input, so no pipe content was captured)

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da3ef5dfb8a61810a6069aacd0946b30
SHA1 6eaeebe608d0e02c6bda01fd61b03a89e5c39606
SHA256 9582d2a3943ce0eab3244b9ad7df1bb0a98f4df878e91697b1c5b8a691132bb9
SHA512 4c724205259a948e7db408fc0a4789f04d033f1103fc47dd0eae1d0e562fd53393ddcb8ebfac15e595fb0b33ba4cdcb08fb65a2e747e8cd6789087d3fe847848

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3c696a998935f12fdc38677b9b84ed8e
SHA1 aceda5abf12c491a43e41265458e90292c8e4f9d
SHA256 3ccae83269c82787f27b55f7f020dc1c86a342c4270272396a2a41a34e81178c
SHA512 7fa0df4e5d943ed50ce8c9f2ddbd842d3cd1d25e8ea83f761fce8978829fb1332ff521ed041c64f29ba32bddad9e02bdaae756b7257c94cb027125c70280464f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 784f60c6d468d77e9e0e521b1ecad40a
SHA1 d80f56c749a9831da7f5ee0fa8ed79fe92bb9219
SHA256 150823b3637ec4dfa09225e9991d9415f3aa7cde153dc98679e53ef1f5f30dde
SHA512 97dfa830601982497582306a4b86fd1bbfa420426bfea1f17ee4247e4a177bd024171688b066fc2ae6aca8aefb1dbb898754e916b166f61b2c9faa1588e3c113

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 559709d30108305c8c1147b7bda7ce6d
SHA1 11621584f8cc4a71dd01794f4c07001805d32fe3
SHA256 13508b4518d78f783c52f92791bd107907456465fd82bd53349c946278b8f07c
SHA512 2a3430227d880584f7ecbc49ef5dd23120d2f37912a75c4dc4268230fd222c0cf0d98aa4547a668edd5335dd53794c1f9e4829bac66e984f6a3fdddecd514689

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 03bea3114d5ec10b5f7caee8a9736e92
SHA1 b38d2e1ccf5fa59defe41f8f1c33d37e1a7d0132
SHA256 da14aa6a41f40aa59f95a4590746ffb981ef3c633a0b46bff18b4e96688c92d0
SHA512 e585252d41d7a23cfba35f78499523169137517f1c03e6c6d5135e27283c9c5a396b2b269a46b02548e294ab8c10362d746afc03049edba14662829d88f2e1c6

Analysis: behavioral4

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win10v2004-20240730-en

Max time kernel

1744s

Max time network

1153s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2951562807-3718269429-4208157415-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2951562807-3718269429-4208157415-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win10v2004-20240730-en

Max time kernel

1762s

Max time network

1143s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-195445723-368091294-1661186673-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win7-20240729-en

Max time kernel

1443s

Max time network

1444s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.pyc C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\.pyc\ = "pyc_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\misc.pyc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\misc.pyc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 dcdad5d92126ca253f843a0b5be6c153
SHA1 29c82dc98b88f30d5cd815e104eeb7e372f9e75c
SHA256 542701852f08c37f0d1e487cb3663c232141517c6ec69c33cd7f85b41a70b491
SHA512 59ca974fdb8ffc66c9dbf7d48c6eaf74e248edf84bb330a75c3c1c0c7f10e4051683514028a580198c21b1152b9b2fbd0895a4bbeae559eed63541538a3c90f3

Analysis: behavioral8

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win10v2004-20240730-en

Max time kernel

1680s

Max time network

1151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3881032017-2947584075-2120384563-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3881032017-2947584075-2120384563-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\misc.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:23

Platform

win7-20240704-en

Max time kernel

1556s

Max time network

1558s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file\ C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.pyc C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\.pyc\ = "pyc_auto_file" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000_CLASSES\pyc_auto_file\shell C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 dba550e68bf7ae38779027d7d0717817
SHA1 447f5c7d0096d0a39c57a83121840dad25a66ad1
SHA256 7f814776b2e1eef50214ae0f5eae5b08efd6936ea3c01bc2efd179d4c75ef906
SHA512 ab4e7a39d3f040d8b4ecf6cb275abfe8ab325d6a2633aadb0849ceec20a0d3ed50030a5b004578441c60e1e4b7e2d428bdab3a65fc51e56c6c39f90a3d1c8218

Analysis: behavioral12

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win10v2004-20240730-en

Max time kernel

1672s

Max time network

1140s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2927035347-1736702767-189270196-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2927035347-1736702767-189270196-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp

Files

N/A
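The six runs that launch an extracted module with cmd /c (behavioral4 discord_token_grabber.pyc, behavioral6 get_cookies.pyc, behavioral7 and 8 misc.pyc, behavioral11 and 12 source_prepared.pyc) executed none of the sample's code. cmd.exe cannot run a .pyc; it hands the file to the shell, and with no handler registered the Windows 10 images raised the Open With dialog (OpenWith.exe -Embedding) while the Windows 7 images went through rundll32 shell32.dll,OpenAs_RunDLL, where the sandbox's click automation picked Adobe Reader and thereby created the pyc_auto_file association visible in the registry rows. The SetWindowsHookEx, GetForegroundWindowSpam, NLS\Language and registry-class signatures in those runs belong to the dialog and to AcroRd32.exe, not to the malware, and the network rows are resolver noise. A compiled module only yields anything under a CPython whose magic number matches the one it was built with; the bundle's runtime is python312.dll (see the _MEI24522 entries under Files above), so CPython 3.12. The code below is an added static-triage example, not the report's or the tool's code: it decodes the 16-byte pyc header, reports which interpreter the file needs, and, only when the running interpreter matches, unmarshals the code object and lists string constants worth a look without executing anything. The magic-number table is an assumption covering only final releases 3.6 through 3.13, the needle list is arbitrary, and SAMPLE_SOURCE is a constructed stand-in module, not the content of any .pyc from this sample.

```python
import importlib.util
import marshal
import struct
import types

# Magic numbers of final CPython releases: the little-endian 16-bit value in the
# first two bytes of a pyc (CPython Lib/importlib/_bootstrap_external.py).
# Assumption: complete only for 3.6 through 3.13; alpha/beta builds differ.
PYC_MAGIC_TO_VERSION = {
    3379: (3, 6), 3394: (3, 7), 3413: (3, 8), 3425: (3, 9),
    3439: (3, 10), 3495: (3, 11), 3531: (3, 12), 3571: (3, 13),
}


def parse_pyc_header(data: bytes):
    """Decode the 16-byte pyc header (PEP 552 layout); None if this is not a pyc."""
    if len(data) < 16 or data[2:4] != b"\r\n":
        return None
    magic = struct.unpack("<H", data[:2])[0]
    flags = struct.unpack("<I", data[4:8])[0]
    info = {
        "magic": magic,
        "version": PYC_MAGIC_TO_VERSION.get(magic),  # None for unknown builds
        "hash_based": bool(flags & 0x1),
    }
    if info["hash_based"]:
        info["source_hash"] = data[8:16].hex()
    else:
        info["source_mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def load_code_object(data: bytes):
    """Unmarshal the module code object, only if the magic matches this interpreter.

    marshal output is not portable across versions: run this under the CPython
    the bundle shipped (python312.dll in the report means CPython 3.12).
    """
    if parse_pyc_header(data) is None or data[:4] != importlib.util.MAGIC_NUMBER:
        return None
    return marshal.loads(data[16:])


def string_constants(code: types.CodeType):
    """All string constants in a code object and in every nested function/class body."""
    found = []
    for const in code.co_consts:
        if isinstance(const, str):
            found.append(const)
        elif isinstance(const, types.CodeType):
            found.extend(string_constants(const))
    return found


def triage_pyc(data: bytes, needles=("http", "discord", "leveldb", "appdata", "\\run")):
    """Static triage: header facts plus interesting string constants; nothing is executed."""
    header = parse_pyc_header(data)
    if header is None:
        return {"is_pyc": False}
    result = {"is_pyc": True, "loaded": False, "hits": [], **header}
    code = load_code_object(data)
    if code is not None:
        result["loaded"] = True
        result["hits"] = sorted(
            {s for s in string_constants(code) if any(n in s.lower() for n in needles)}
        )
    return result


def build_pyc(source: str, filename: str = "<constructed>") -> bytes:
    """Compile source with the running interpreter into a timestamp-based pyc (test input only)."""
    code = compile(source, filename, "exec")
    header = importlib.util.MAGIC_NUMBER + struct.pack("<III", 0, 0, len(source))
    return header + marshal.dumps(code)


# Constructed stand-in module carrying the kind of constants a token grabber has.
# It is NOT the content of discord_token_grabber.pyc or any other file in the report.
SAMPLE_SOURCE = '''
import os
LEVELDB = os.path.join(os.environ.get("APPDATA", ""), "discord", "Local Storage", "leveldb")
def validate(token):
    return "https://discord.com/api/v9/users/@me", {"Authorization": token}
'''

if __name__ == "__main__":
    print(parse_pyc_header(b"\xcb\x0d\x0d\x0a" + b"\x00" * 12))  # a 3.12 header
    print(triage_pyc(build_pyc(SAMPLE_SOURCE)))
```

With a real extracted module the first call is the useful one: a version of (3, 12) tells you which interpreter to install before attempting to load or decompile, and a hash_based flag or a non-zero source_size is a hint about how the bundle was built.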

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:23

Platform

win10v2004-20240730-en

Max time kernel

1800s

Max time network

1748s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

Signatures

Enumerates VirtualBox DLL files

Description Indicator Process Target
File opened (read-only) C:\windows\system32\vboxhook.dll C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A
File opened (read-only) C:\windows\system32\vboxmrxnp.dll C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Sets file to hidden

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Sloro-executor-main\Sloro.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A (64 identical events)

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A (64 identical entries with no indicator, process or target recorded)

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Sloroexecutor = "C:\\Users\\Admin\\Sloro-executor-main\\Sloro.exe" C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A
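Two details of this row matter for response. The value lives under HKLM, which an unprivileged process cannot write, so the sample ran with administrative rights in this detonation (consistent with the SeDebugPrivilege adjustments below); and a machine-wide autostart pointing into one user's profile directory, to a copy the sample dropped itself (Executes dropped EXE above) and then hid with attrib.exe (Sets file to hidden), is the pattern to hunt for on other hosts. The audit below is an added example written for this page, not code from the report or from PySilon: it enumerates the HKLM and HKCU Run keys on Windows, extracts the image path from each value, and flags entries under user-writable paths, HKLM entries that point into a user profile, unquoted paths with spaces, missing images, and images carrying the hidden attribute. The trusted-root and user-writable marker lists are assumptions; SAMPLE_ENTRIES is constructed from the row above plus a stock Windows 10 entry as a benign control, and the exists/hidden callables are injectable so the logic can be exercised off Windows.

```python
import os

# Roots where a legitimately installed autostart image normally lives (assumption).
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
# Markers of user- or world-writable locations (assumption).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")


def command_image(command: str) -> str:
    """Return the executable path from a Run value, honouring a leading quote."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: heuristic, take everything up to the first ".exe", else the first token.
    idx = command.lower().find(".exe")
    if idx != -1:
        return command[: idx + 4]
    return command.split(" ", 1)[0]


def file_is_hidden(path: str):
    """FILE_ATTRIBUTE_HIDDEN check via Win32; None when unknown or not on Windows."""
    if os.name != "nt":
        return None
    import ctypes
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.restype = ctypes.c_uint32
    attrs = k32.GetFileAttributesW(path)
    if attrs == 0xFFFFFFFF:  # INVALID_FILE_ATTRIBUTES
        return None
    return bool(attrs & 0x2)  # FILE_ATTRIBUTE_HIDDEN


def collect_run_entries():
    """Read the HKLM and HKCU Run keys; empty off Windows so the assessment stays testable."""
    if os.name != "nt":
        return []
    import winreg
    entries = []
    for hive_name, hive in (("HKLM", winreg.HKEY_LOCAL_MACHINE),
                            ("HKCU", winreg.HKEY_CURRENT_USER)):
        try:
            key = winreg.OpenKey(hive, r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run")
        except OSError:
            continue
        with key:
            index = 0
            while True:
                try:
                    name, value, _ = winreg.EnumValue(key, index)
                except OSError:
                    break
                entries.append((hive_name, name, str(value)))
                index += 1
    return entries


def assess_run_entry(hive, name, command, exists=os.path.exists, hidden=file_is_hidden):
    """Findings for one Run value; an empty list means nothing stood out."""
    image = command_image(command)
    lowered = image.lower()
    findings = []
    if not lowered.startswith(TRUSTED_ROOTS) and any(m in lowered for m in USER_WRITABLE):
        findings.append("image under a user-writable path")
    if hive == "HKLM" and "\\users\\" in lowered:
        findings.append("machine-wide autostart points into one user's profile")
    if " " in image and not command.strip().startswith('"'):
        findings.append("unquoted image path containing spaces")
    if not exists(image):
        findings.append("image not present on disk")
    elif hidden(image):
        findings.append("image carries the hidden attribute")
    return findings


def audit(entries, exists=os.path.exists, hidden=file_is_hidden):
    """Map 'HIVE\\name' -> findings for every entry that produced at least one."""
    report = {}
    for hive, name, command in entries:
        findings = assess_run_entry(hive, name, command, exists, hidden)
        if findings:
            report[f"{hive}\\{name}"] = findings
    return report


# Constructed sample: the value the report shows the sample writing, plus one
# stock Windows 10 entry as a benign control.
SAMPLE_ENTRIES = [
    ("HKLM", "Sloroexecutor", r"C:\Users\Admin\Sloro-executor-main\Sloro.exe"),
    ("HKLM", "SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
]

if __name__ == "__main__":
    entries = collect_run_entries() or SAMPLE_ENTRIES
    for key, findings in audit(entries).items():
        print(key, "->", "; ".join(findings))
```

On a live host run it as the user and again elevated: HKCU entries differ per profile, and the hidden-attribute check needs the file to be readable. The findings are prompts for an analyst, not verdicts; a software installer that drops into %ProgramData% will trip the first rule too.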

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670660445794194" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (31 events, alternating with the row below)
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (30 events)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 26

Identical rows are collapsed; Count is the number of entries in the original table. All 26 come from chrome.exe. FindShellTrayWindow locates the taskbar notification area and is routine for a desktop browser; the signature carries no weight against Sloro.exe in this run.

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 24

Identical rows are collapsed; Count is the number of entries in the original table. All 24 come from chrome.exe. SendNotifyMessage is ordinary window-message traffic between a browser's windows, and none of it is attributed to the sample.

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 472 wrote to memory of 868 N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe C:\Users\Admin\AppData\Local\Temp\Sloro.exe 2
PID 868 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 2
PID 868 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\Sloro.exe C:\Windows\system32\cmd.exe 2
PID 5732 wrote to memory of 5812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 5732 wrote to memory of 5976 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 30
PID 5732 wrote to memory of 5992 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 2
PID 5732 wrote to memory of 6032 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe 24

Identical rows are collapsed; Count is the number of entries in the original table. Every pair is a parent writing into a process it has just launched: the first Sloro.exe instance (PID 472) into a second instance of itself (868), which is the PyInstaller onefile bootloader re-launching its payload; that child into the powershell.exe (2780) and cmd.exe (2700) it starts, matching the command lines under Processes; and the Chrome browser process (5732) into its own --type=... child processes. No entry shows a write into an unrelated process, so the table records the process-creation pattern rather than cross-process injection.

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Sloro.exe

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

C:\Users\Admin\AppData\Local\Temp\Sloro.exe

"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x508 0x510

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Sloro-executor-main\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\Sloro-executor-main\activate.bat

C:\Windows\system32\attrib.exe

attrib +s +h .

C:\Users\Admin\Sloro-executor-main\Sloro.exe

"Sloro.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "Sloro.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffcaa2ccc40,0x7ffcaa2ccc4c,0x7ffcaa2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2068,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2064 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3280,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4832,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4940,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4948 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4392,i,5389052050641147570,6709831405091496013,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3504 /prefetch:8

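The process chain above (Temp\Sloro.exe re-launching itself, Add-MpPreference adding a Defender exclusion for C:\Users\Admin\Sloro-executor-main, cmd.exe running activate.bat, attrib +s +h on the current directory, a second Sloro.exe started from the excluded folder, and taskkill /f /im against that image) is the kind of sequence a detection should tie together rather than flag one command at a time. The following Python is an added example for this write-up, not sandbox output or code from the sample: it encodes the command lines from the Processes section as records and correlates the Defender exclusion with later execution from the excluded directory. The report gives PIDs only for the two Sloro.exe instances (472, 868), powershell.exe (2780) and cmd.exe (2700); the PIDs used for attrib.exe, the second Sloro.exe and taskkill.exe are placeholders.

```python
"""Correlate the evasion steps seen in this report's Processes section.

Added example for this write-up, not sandbox output or code from the sample.
PROCESSES is constructed from the command lines listed above; the report gives
PIDs only for 472/868 (Sloro.exe), 2780 (powershell) and 2700 (cmd), so the
other PIDs are placeholders (assumption).
"""
import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str     # full image path
    cmdline: str   # command line exactly as logged


PROCESSES = [
    Proc(472, r"C:\Users\Admin\AppData\Local\Temp\Sloro.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"'),
    Proc(868, r"C:\Users\Admin\AppData\Local\Temp\Sloro.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\Sloro.exe"'),
    Proc(2780, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r'powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\Sloro-executor-main\""'),
    Proc(2700, r"C:\Windows\system32\cmd.exe",
         r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\Sloro-executor-main\activate.bat"),
    Proc(9001, r"C:\Windows\system32\attrib.exe", r"attrib +s +h ."),                  # PID assumed
    Proc(9002, r"C:\Users\Admin\Sloro-executor-main\Sloro.exe", r'"Sloro.exe"'),       # PID assumed
    Proc(9003, r"C:\Windows\system32\taskkill.exe", r'taskkill /f /im "Sloro.exe"'),  # PID assumed
    Proc(5732, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
         r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'),
]

# Add-MpPreference -ExclusionPath / -ExclusionProcess / -ExclusionExtension <value>
EXCLUSION_RE = re.compile(r'Add-MpPreference\b.*?-Exclusion(?:Path|Process|Extension)\s+"?([^"]+)', re.I)
TASKKILL_IM_RE = re.compile(r'/im\s+"?([^"\s]+)', re.I)
BATCH_RE = re.compile(r'/c\s+"?(\S+\.(?:bat|cmd))', re.I)


def _base(path):
    return ntpath.basename(path).lower()


def analyze(procs):
    """Return the evasion/execution indicators found in a list of Proc records."""
    found = {"defender_exclusion": [], "hidden_system_attrib": [], "self_termination": [],
             "batch_launch": [], "runs_from_excluded_dir": []}
    image_names = {_base(p.image) for p in procs}
    excluded_dirs = set()

    for p in procs:
        name = _base(p.image)
        cmd = p.cmdline.replace('\\"', '"')   # undo the \" escaping in the logged line
        if name == "powershell.exe":
            m = EXCLUSION_RE.search(cmd)
            if m:
                path = m.group(1).rstrip("\\")
                found["defender_exclusion"].append((p.pid, path))
                excluded_dirs.add(path.lower())
        elif name == "attrib.exe":
            flags = {t.lower() for t in cmd.split() if t.startswith("+")}
            if {"+h", "+s"} <= flags:            # hidden + system hides the tree from Explorer defaults
                found["hidden_system_attrib"].append(p.pid)
        elif name == "taskkill.exe":
            m = TASKKILL_IM_RE.search(cmd)
            if m and m.group(1).lower() in image_names:   # kills an image that ran in this trace
                found["self_termination"].append((p.pid, m.group(1)))
        elif name == "cmd.exe":
            m = BATCH_RE.search(cmd)
            if m and m.group(1).lower().startswith(r"c:\users"):
                found["batch_launch"].append((p.pid, m.group(1)))

    # Second pass: executables started from a directory that was just excluded from Defender.
    for p in procs:
        d = ntpath.dirname(p.image)
        if d.lower() in excluded_dirs:
            found["runs_from_excluded_dir"].append((p.pid, d))
    return found


if __name__ == "__main__":
    for indicator, hits in analyze(PROCESSES).items():
        print(f"{indicator}: {hits}")
```

The correlation is the useful part: a lone Add-MpPreference from an administrator's console is not unusual, but an exclusion followed by an executable running from exactly that path, with hidden+system attributes set on the same tree, is the pattern this report shows. The same logic runs unchanged over process-creation telemetry such as Sysmon Event ID 1, which carries the full command line.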
Network

The table does not attribute connections to processes. Every destination recorded in this run is consistent with Chrome's own start-up traffic (g.bing.com, www.google.com, and clients2.google.com, the Crashpad report URL passed on the chrome.exe command line above), reverse in-addr.arpa lookups through 8.8.8.8, and mDNS to 224.0.0.251:5353; no traffic attributable to Sloro.exe is evident in this detonation.

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 65.139.73.23.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.147:443 www.google.com tcp
NL 142.250.27.147:443 www.google.com udp
US 8.8.8.8:53 94.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 147.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.102.138:443 clients2.google.com udp
N/A 224.0.0.251:5353 N/A udp
NL 142.250.102.138:443 clients2.google.com tcp
US 8.8.8.8:53 138.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 171.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI4722\wheel-0.43.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI4722\python312.dll

MD5 506c760a20e6bb940590229d41449ffa
SHA1 b7c439f253987fb0ff66fc5ce959cf711b18eb8d
SHA256 e63503b2715df3eab8abb9b2682129e27a7add9acea9008f06f55494a2b2f3d5
SHA512 34df2e8e53caac0cd72cb3c5848296ca8cfa10c542c0a5f88385d6b35ab70b86957540de2ff105a27cefb37ccbb5789261a69132b535a857df32875c1f9deb9e

C:\Users\Admin\AppData\Local\Temp\_MEI4722\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

memory/868-1277-0x00007FFCA9430000-0x00007FFCA9AF4000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI4722\base_library.zip

MD5 1736b196dda9607e73f615ecaddfd30a
SHA1 d84394a9970ce620c2b6a0fc5ddb46f82856767a
SHA256 1884d4eba71e943d4936c6d7a301c43a1e236cad2c5fef65e9cc0f065c843658
SHA512 3ceec0fecbb315139ad7970b466289e55360e78c965231a86db7d0b4e9f06e023668f51c70608964d7e06e48352e3e4c53a203f328a817306a538428912fb6f8

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_ctypes.pyd

MD5 9b718ce91a49157047c8ad57ab67b7b7
SHA1 55befa0ec91b724c27de29c0d2e9cf645daee5e0
SHA256 129443f9fbc7b8e80ab55403f33112353b3266f9be2aa75112af01627167761d
SHA512 f1f46ce129809618f744d31390b272639af4c885414c463fdbfffbafb8bdd26580ae81e6c0a8da52992ee10112bd09add37c67c9fc54218a2f97645d157ea232

C:\Users\Admin\AppData\Local\Temp\_MEI4722\python3.DLL

MD5 a07661c5fad97379cf6d00332999d22c
SHA1 dca65816a049b3cce5c4354c3819fef54c6299b0
SHA256 5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b
SHA512 6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

C:\Users\Admin\AppData\Local\Temp\_MEI4722\libffi-8.dll

MD5 013a0b2653aa0eb6075419217a1ed6bd
SHA1 1b58ff8e160b29a43397499801cf8ab0344371e7
SHA256 e9d8eb01bb9b02ce3859ba4527938a71b4668f98897d46f29e94b27014036523
SHA512 0bd13fa1d55133ee2a96387e0756f48133987bacd99d1f58bab3be7bffdf868092060c17ab792dcfbb4680f984f40d3f7cc24abdd657b756496aa8884b8f6099

memory/868-1287-0x00007FFCC1A50000-0x00007FFCC1A5F000-memory.dmp

memory/868-1286-0x00007FFCB93A0000-0x00007FFCB93C5000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_bz2.pyd

MD5 74aad55dc2ffae6a7763a95db6bf80f3
SHA1 eb1b2f7f9ec42a982d186631af92bdb6be214433
SHA256 21775c01c7dc3558d13eb4f37258f6e480605b7fcde9d586c341d4ab9ebb6d08
SHA512 7a7bd790a6cab3e6d2e9b95123ba4325d11cbfcfd257e0955698aa8248e0262a5577297cdd1413c79b66fa22b5e8cf7707d68735309cc9445d600118b65b08df

C:\Users\Admin\AppData\Local\Temp\_MEI4722\libcrypto-3.dll

MD5 8fed6a2bbb718bb44240a84662c79b53
SHA1 2cd169a573922b3a0e35d0f9f252b55638a16bca
SHA256 f8de79a5dd7eeb4b2a053315ab4c719cd48fe90b0533949f94b6a291e6bc70fd
SHA512 87787593e6a7d0556a4d05f07a276ffdbef551802eb2e4b07104362cb5af0b32bffd911fd9237799e10e0c8685e9e7a7345c3bce2ad966843c269b4c9bd83e03

memory/868-1337-0x00007FFCBE490000-0x00007FFCBE4A4000-memory.dmp

memory/868-1336-0x00007FFCB9160000-0x00007FFCB918D000-memory.dmp

memory/868-1335-0x00007FFCBECB0000-0x00007FFCBECCA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI4722\libssl-3.dll

MD5 37c7f14cd439a0c40d496421343f96d5
SHA1 1b6d68159e566f3011087befdcf64f6ee176085c
SHA256 b9c8276a3122cacba65cfa78217fef8a6d4f0204548fcacce66018cb91cb1b2a
SHA512 f446fd4bd351d391006d82198f7f679718a6e17f14ca5400ba23886275ed5363739bfd5bc01ca07cb2af19668dd8ab0b403bcae139d81a245db2b775770953ea

C:\Users\Admin\AppData\Local\Temp\_MEI4722\freetype.dll

MD5 04a9825dc286549ee3fa29e2b06ca944
SHA1 5bed779bf591752bb7aa9428189ec7f3c1137461
SHA256 50249f68b4faf85e7cd8d1220b7626a86bc507af9ae400d08c8e365f9ab97cde
SHA512 0e937e4de6cbc9d40035b94c289c2798c77c44fc1dc7097201f9fab97c7ff9e56113c06c51693f09908283eda92945b36de67351f893d4e3162e67c078cff4ec

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_ssl.pyd

MD5 241e2ce602aedc6b430e018c73bb5605
SHA1 f22dfbc4307061306bb1cc34db2bb4f2441eed51
SHA256 0040f856982f22fb094f98b6f9481cdb744a85c60026b2c0496bc1184dc40ba4
SHA512 e54ef710b01e3fc24448da0ff830d35452419125fc543a8cc7aa1dc324478e6046db1757e78a2472caa1a86de6a244259d189dcb47968e1e2f73bca1f4e97fcc

C:\Users\Admin\AppData\Local\Temp\_MEI4722\select.pyd

MD5 817f8ae0004cad53add3d4be078bff0e
SHA1 b7e1389bc3b6692efd375c5e57670d5617eda510
SHA256 bdf8837a2492e1a0b0382857adc739019d77c886c3664ab4143e5286911e9727
SHA512 d49b0bf22d2368b83a6809aa716bd149911e58b2e204283d41acd7266929d638b293b8c1aa2dda7a834a69f3fdace6419f4c01d50b734924e06fd5d238911dc2

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_socket.pyd

MD5 13144eb5300f5a7f02adab0342a2f55d
SHA1 c841b0e70f7978eb4f22722509fbfdf8cc831133
SHA256 b076fb9ce236cd38127ec21af96092a11791c4200916509fdac3f03b029987e6
SHA512 9a786eb6f84a67b6120c5f7eeb55055083add35bb015de625efa185ea59c50659b496495de170afb81683cf30ef949b356b17c954c9216fc93e3ad91e10c3d38

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_hashlib.pyd

MD5 2b85b0a6b020e2e377cec3d8a46af878
SHA1 4b72c840e5b5471e7ee03333f6350192f9f8516b
SHA256 47a9670dea27d8bdf5f935269ee293733963d363d588a76ba0fe5825470993e6
SHA512 9570a280634925fdb0a717beb46593ee36f47e1875a7b5588b547f39d2c0ec305e729aede8c81196e22e04763e6eadd49f21dbc645339cbb9c37300e49ebdefc

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_wmi.pyd

MD5 f1c44125a2134a260e46fa4edab110c5
SHA1 e9d9176f69cc6796b1f8d41ea8deda6e903775f7
SHA256 852b118255f39fd5d4dea098fb61b2d2600454a1075f366bd24b76cfbd2af59e
SHA512 664b2eb36e704dfab04e530a0bf19a00235e91cfd399070535f7e01024f19ecac03c17ab202fb3ac3cee6a877796c9f2377dd32e7bdd627ad7f9c8da0ab6676b

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_uuid.pyd

MD5 50521b577719195d7618a23b3103d8aa
SHA1 7020d2e107000eaf0eddde74bc3809df2c638e22
SHA256 acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78
SHA512 4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_tkinter.pyd

MD5 f7dd4076a47dd6cd28543dc383d417d3
SHA1 dca4c35e5f35ae1527f372e8876619cd8a13648f
SHA256 de5fb49f824ea61467ba93baaea46e5b76597b149886edd9584984305fcdd882
SHA512 9459bca2c01e43d480522ffc8e8e748e5bc18a0111b5cb9e17b47391e996d400058a73840bf9134cfbf3b1b07e09d53364b371c70d7f532db203ad1ea90e2b50

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_testinternalcapi.pyd

MD5 e77ecc74dd345dff54fec30fd2238cdf
SHA1 f15919eeb1c63f71bf9149e9972907f8edb799e6
SHA256 bbb3a7a9963a61b97714981a5f6fcdde913bc4cdfef9313ca098e3f340ba665f
SHA512 6f03ce1ff3efdfcf004abc001d0fd35d89fec50f8e04976f80f29af466f9e91df8de3c506281f5dca3647d99a104f6b01cf0b77b8f1f9653db9df1ebb1b00661

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_testcapi.pyd

MD5 2baf7b51969c65a47900505ad2dc1357
SHA1 23989af5c69ff3b89c9096abe94cf981d031fe47
SHA256 4206da9c46c1a885df10181ab0c6b1cb9fcc93556db31f3b5710bd6f2b2a7ccc
SHA512 b285253127ab561530d8caaac7c4d065977541e08a7408dd544937bd483ed6687cad9d024f09989bf26d5502f8f9b81700c3c39627e2de9ef34769f094072a62

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_sqlite3.pyd

MD5 4ee5551802380e7493297de32c73a8be
SHA1 680444cdfe0877024599b1007d0dfacda5f96573
SHA256 ffca9eaaf35a740aa43af69d30b74c8dbd8a06b1766541fd112c7ad8ca40f1e1
SHA512 f8d650332413a1e7a0f280d9259cd5229a3e19764fa48427b233c310467a59ba334655a5ba720cbecc75ec842fc960fb23908ad04d6fe0af4eef6b95be28a275

memory/868-1343-0x00007FFCA8F00000-0x00007FFCA9429000-memory.dmp

memory/868-1351-0x00007FFCA8D10000-0x00007FFCA8E2B000-memory.dmp

memory/868-1350-0x00007FFCB90F0000-0x00007FFCB9117000-memory.dmp

memory/868-1349-0x00007FFCBAA10000-0x00007FFCBAA1B000-memory.dmp

memory/868-1348-0x00007FFCBB460000-0x00007FFCBB46D000-memory.dmp

memory/868-1347-0x00007FFCA8E30000-0x00007FFCA8EFD000-memory.dmp

memory/868-1346-0x00007FFCB9120000-0x00007FFCB9153000-memory.dmp

memory/868-1345-0x00007FFCBCCC0000-0x00007FFCBCCCD000-memory.dmp

memory/868-1344-0x00007FFCBC5B0000-0x00007FFCBC5C9000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_queue.pyd

MD5 4d8fdec3abdc245810f6d231bdea80af
SHA1 7ad482110912a652be7967258367d23d16c02003
SHA256 e1f01c581ff5e8f05b6bbdd7bfb0402838904ecccfb0d73cbd70281fccb0566b
SHA512 d2de635a8ac6ff5d8b63ec75d3c0dca36f62465c6c52ad92ae710dcf3dfd94fd42b132e7dff54e48d2c4eaa05f1ae6804a40c71c879b460b9fdbd21294cb3316

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_overlapped.pyd

MD5 1e2516c8ba9086e156a8c56d3d012e95
SHA1 ad78681664be2cd085abe5e186e8f61ead85278f
SHA256 c9ce4deab0a5b28569b6a99be1eab9caa6cb406b771d115b01915ca633e9ef16
SHA512 1aa2c7e782f419ce06fbea4f2fbce2a47d02f568cd7e70c8607e7a674254982d63edced78001bf342fc845dee41bab321839101de383104ef03d2c2e666ea9b9

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_multiprocessing.pyd

MD5 a04aac917db410f68e3376586ce3f5b1
SHA1 6a0f93d31178c2a9c785e9f0a136f49ed170196d
SHA256 4ab23d33191d5fc9ab861c19ae22d648504579742619db665a882195ae18bd07
SHA512 fd4222396c18414cd03f5dc6eb38d8ae2548cb1fd356bec48e93a86acf6239d799cdbd09fd6469f8abd89a8ab96076329908ef988faf29bda6b6d2f2ec582d55

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_elementtree.pyd

MD5 f0b2c7e9cf5d17b2d6e6d1c17e708c07
SHA1 ad26bd417e718595991bf21ebc4fdecb55b5de34
SHA256 5763c0e5cd345703b139412a9fe10d685ccc496ab0415db37017fadef5213c7b
SHA512 2797c1bd52c3460dbd58ab7c652e9f16ee09ddd115b72926f24d1a20a5ffb401b522b567ad95c25d6e0b0d395ab8f66afd97efa70c71929ac3a9a61a062682ed

C:\Users\Admin\AppData\Local\Temp\_MEI4722\_decimal.pyd

MD5 87b7a3775b61ed91fa8e809250ac390e
SHA256 9d2990ce21e02b91ef27983555d9e587e179361bf539fbf43f0317acb6611ef4
SHA512 07265962ae962e64fee24d8e9fa5b3c473f92b15764af8df785ccde55efe10b31880c72dfae076260b9f4ce13da130b5c70bce263155b09bb75342517402468d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c22b89f7e9ab5279c5e17b0c4000ee3a
SHA1 798068cd9b45e7cbd256b647010a5e8dac3473e6
SHA256 8be299d1ee9d165ca100d778a8ea303544ffcdc81ab19b182eaf16172d4a1ff4
SHA512 686047430940dc3fe6eb4590f802042063ed183ae65d54b5fe0a28077bf7080682c4afb17e0bba04ae5efcb51f02082c47e9796c928528e4d7f12aff71969840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6e5b2f5ced52c351249ccdb50cb46573
SHA1 338f5bc642557ad05e2c5aeca8db3c20cb6fe6ce
SHA256 791641e3a46e2337f721bcbcf149da6ba6608b348bb2dd431be388475a67e960
SHA512 f706b7e97813785968334b8e7660542cb7fc8b76c3e1fdb3441f3fc1d6fb90c627b9b58ef4223dcb31a71bdcd3a61c5c934bacb08a11c79d31066d3a47774cde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f5458217ec3026e320518228994da123
SHA1 69fc7c6ee24e2ecf9447bfc4be5ff2c06bcc237a
SHA256 5c348eb70bddcc4d05611af85b71fdc27a7eb95284f3fa26e257c54c3a8716a0
SHA512 52dd8e970a071c89b6153bef57703d4a15474f812b90ed58f0e5fb32569fc80f76a6f65dc04d47824d09e4b59ec36e8b34888291b2602c3784d2c98f6d822cda

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5bfbeb3dac51f16c37bcd5acbe09760
SHA1 c2f53ca7af7a3c5b4a0f5572f60d59993b0ac34b
SHA256 56f9940136b7d8e0099921313bc84cf2321eb48b4a2c6d4ebcea465503499929
SHA512 d30d9afd3be80bab950c4fddc59095e38e528d1710ac17aa1b770d641e7d973058db553b0ba81af95953f7e7bfb709b86ab20de96b386b7a8571b527e2246438

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b8ecf97b3e70e091b774ad5c285c11c
SHA1 e9c56b85a29115245afd3a0b8d7ee70ed1acd13b
SHA256 96daa3c31c343129f0a46a636a1795c680295363db41788256ffee5ca3849f42
SHA512 33a3f835b3df536776cf6eeed57325dc4d088b9a2dc0cdf4729508ed88f9b71390fc7334d5f86eb1e42397cf87ec4a081ca4e858155ac25ac0025881520c0fec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1e1bca92a7b1beb6ab73c3d42323d09e
SHA1 00d1c95e8e1fe697b9a76b24b290ac7ab3822855
SHA256 40ca75915da800fb3436493da83a2da2e3290078fd441ec9ae2c8bd8265b01e5
SHA512 0f6465b6cd969341f703d87bcc38c9a3b97e9e70d260583e97fef64f8f5aaad372a12973c5bbb7eb19cc8375ce5cde6e7607b82c55aff79fcadb5c6c3117de76

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 510208d5469f72c84e2d719930bddbc3
SHA1 c57e9bf2ff5ed50fc4d9f0549f6e1e59c2efea54
SHA256 774b87009ca8dd4c40671b7e7e46513df3b95269f8300268d70c0475801f5fcd
SHA512 9bf531edf0baac6e06f42be857d1e684aa70ed71b3c429c113ab22d88e34c0358fe349e7a9a84d0f0950c61250c0b65df41c6084224039b9e49423abef8a4caa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 abaf0dcfc3f04ccedd426e4ad9d5285c
SHA1 d1c7082e842d545b81ae1660839a7fc5a33f4cc2
SHA256 309e7d916183b3a0bbcde12402511539ab3ae3c718df9b548191db224d306b3e
SHA512 2f3f1d7c2bd1a7385d10635d89c68e32732e1152dab7bbc72cb9c63265e6522c805317b58fef98c2d5807040edb4f2daca395c150c8bc1b04aa2bdccef0e894c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 560e1f8acd7dfb5e18427de5afa70a7a
SHA1 cfef3d993575ed12a98845bb1efe14c5255cfef7
SHA256 6fd86d90a067765d45d601f789671d7f98dfb3cec51ad9689dbdd69a7a0e8046
SHA512 4984a9a8c1f76a9e299a3dc7e6443e81ae4aa0c4e85e21839a0ac34ee99ad0c02ec297f25350803145d5437b00b22f4f65bed5a129b8dbd3854f1a1722775575

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6bfb196aff16664a5bdce9c591bfa9ff
SHA1 0bfdc2bdc7922369a0201b7e7340b540d9cd1712
SHA256 d5f836e167125b39d573495812f95c7b0010eb4b91591cb7c0e9e5c69bc2433e
SHA512 ca22ba22305d0bf8e3ed6fd2251632422e4846e7ed5e7594bfc5cdb7d0def784689270173ddd8d0c35e605a2d9899dbe7b5f6d72731077a3e98d297bd8c8e290

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 035c3a557e27f0da28e7ba7ed66a6e8f
SHA1 4f9fc4a96420e8b4ba4ab74a7426b070ae6d2d46
SHA256 5ed3575da1e772716ec2f8e6339c6789472b1e614efa0a9d3297240b9c766ed4
SHA512 981ac3e0864034286a4086c081dbe9986b6d316a30f113b012e301d15f5bd67dd7268e47bb6adeb2be7c30159131538f7abd5c49d960f61b03d7dcce890eb2f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dbfacc4d77c8befa7c090cc9416d62b6
SHA1 997ccad27afc48fc7a9c97f5398db63f63540f82
SHA256 3381f0f19947740990202ee4beeb433601813f428a52ad04d9c6340f0c7982d0
SHA512 5a309e2165545749865a27dd95081caa696ca3e7e907bae9b40671520945f934fd9490a58ec2d97c0003df3b6dfd75f35d72537d79a3f52c7a3b1dbca1d28908

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 170f7919a91d385da4a7f57e37b47899
SHA1 5d0cc98faf743d32c122821f0555579a81839475
SHA256 ae9703ae0e6d19eaf6f6677b0d1fe1b0d8738e270b082950500d3bfb0a80ff83
SHA512 94a2b2f10c9aeec7251b98144d93696b3f8b852a7ed7672e4f2a8c3426cde27a196ac3003b10582b2aa58fe09afa47a2d72bb8c591ff3e030c6450f80d7871bf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 caf88a058a7140e269d880ae4fd1e2b9
SHA1 1aecd116d1a537199da2e8831142559f59a12eba
SHA256 577290dac1bbae02aaab49c612ef96737810a81876ca4997aeec02c290a96abe
SHA512 5114204c5d7fcf59db8edb78781b7c36d5b689e79ee504a6dec68dcc2519a0ba28925e2d68ad14c06e322810d2ef3afca71ce73eb2a8f1df5d2313a49d9207bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9ec2d53b66b5b945a805ce1a7d94e32
SHA1 09eeb2f1cdc6e16a5e8c62df6873dd1c4209d959
SHA256 1b25a437a7fcc37b1e57cb064c4f8ef1debbee7ddcf2f14511213e9222f66be9
SHA512 e923148bff3e54b33056b133edf1e1c3c7414b4d062e82dead7d86016bba0b9e087c859a6a8add58c59d9166ef1b692d93b97df0c066e02bc7461b1618923d17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c728541bf313d913c74b37825d3de9ea
SHA1 252dd7fcd58cc5631b43e8983be314105420c304
SHA256 4623f93fef42d8700abe6e9a7418b2da64760b73c2550ff454ebabddfb797121
SHA512 23ed115d0c602dbeb1341a1961a185026327673bd0d606dcb6555762ac5518ab5bbda9bfa5dcd7daff22b44723f692aa7277a7593aeb44f0a37c3c64b4c301e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbe083714adfd00f688782b1a4a08a77
SHA1 7bacff0018c96febfcfee40e26aa79b1f99212df
SHA256 5c0b7ac990c07e6f38a210e0f4bc6ab8f5858999b6addedabd0eda5a92029e96
SHA512 7f235dd7ceea9acba5ebc691f4dd2d79513d3318a44fe3dc4bf20dd60a4f03c401c4e57135e119b6f438e84950993d20ad2fb34717a460d90b170be4d35a4825

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5b294f7c5c08a92d2c7e801959d7f0cf
SHA1 452121c21b674453f3de7609690b4f27e803b186
SHA256 028f0b5b827c1bfd4cc37e73f23d500a50f93ada6d9acaafa86e0df4cc8bb2b8
SHA512 667ef20077f82852173fc4fee3c48a45240761a17296e27df36fa750b5ae1805df31633b4af73276d9ca29a3949aff2f0bde4cd47f0485c0057dd693c6a83984

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 82b006980429ffa5dfbbb44c5c15eb47
SHA1 b9d15132fe314de0270e3dc844d0e325a4626e02
SHA256 dd138b5a2574a2f9aa1edc2cdfda81356e9ee4e40eb17f414d7941bafb29f48c
SHA512 71aae404a754763eb8da248734b39ae6969143cf8094bcaf0fa83d6d951a7528a5ec8e15674dc95e2efeafcab7be73c848eb3d8a0b26882e6223a9d26d2ba25e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 71ab822d1589dbbd81b7ccebd6e6e2bd
SHA1 d089c3acd4d8301b0f78acdecdfd122369e41d61
SHA256 c64f6845fb80117f38a2a7f8414c34764dbfb97b607d28db5161c5a45222fd88
SHA512 110d89fa4529019c5dcf43b18ce5e22d269d0a329a6d7e06117ef0be017d6e5e88bc1e19f1a9bff782dab067c6192f080cda053beaefa3f4651b0d0751354b72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac649c3f570d45500cca46b572d6a4a6
SHA1 701318f66bd45bb01ad7ac43885e4c6d8bcebbb8
SHA256 78eb8afe76c8a72aeca382fe98d731fd585885501cedef2920540365de57fac4
SHA512 45fd97bc5c56fbdf1c3f215ada7ce68a7ef535acfc4f39d2ef94c5b43ee3e311c28eb65aea217380458e0fb220dade71b594a438117f34de4106711b2ab4ddf7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 527cfd2a54e3cca318d93de54adef64d
SHA1 124a015a5e4fe07091cb8da0a7df11461e18d209
SHA256 ebba5a4d7ffcb045cc7e779e222d8a7c2abddb44091614b8fbd43534a549781d
SHA512 9d52a307e518a5853f1cb81a07b4198726464202f4923a800713ab0b2f01de874d0a261274332902fc6dfc6222c06bcd40a8098a803c2089ba4a8be74305bd19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68737777f73ce7e104a967ab3e04d723
SHA1 2dc4b792d0d460bec963e59630eb9d8568385c47
SHA256 8a31ba4ecf904710eac14918386c72b3dff5a0c9f309c52edf3f77a36dc40f68
SHA512 a12ef3bb27ca064dddc265612328872292500695f593f7f1b5e321e9c1b98997f1b3a20c40200f2fe5b6488c373ed559ac4d5db9c6e43f9715edc4c8076bc511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c78ba8df325e4bc512064991fdf02f7
SHA1 3b817d582d5c664cd0eca0260ee57158ce9bd523
SHA256 2175802097afdb58c540d3009535b7ceed98b3f00d41c12e8ac08a744e95c7da
SHA512 a06701c2e8516c300f1c0ca0ec966f6dcd005242a218de385ac97cdd8720414424a1a66b9ee77cc90938dd8cc1da52915537c50cf5cd74be8dc664d2a30e1d3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99718d3c5f8788abf326a8144f413de1
SHA1 7ab72362b46c5a4ef0a5bdd645cc76144c120740
SHA256 4359c65202e04091a987cc2707e98efa640e8f292b11f4980f9736a73289e193
SHA512 000477ada39bb577815e01101ecb457ff02604caa63b2a733c5880f2203058db556134ab79dfb63d921c7b9159dcb8952468184c31a061305c819e4a23ce224b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 64c0ace3f146b9ef9b5ceef6e27685b2
SHA1 f1a89303c888f69b7cdfa869865677fa539e922c
SHA256 e595521c8ae912b2aea5c3351326b52eee981e234892821a46fddaac026edf91
SHA512 3e6a5edb422166ea0a4bb06b151a09bbcf9dd344d7a655700500dc225e3b3a9e19ee32fb4c30a0cf1152936ec4840f463332402bca7ca73acaafed79b943c63c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5d05adc5210a7bfac0224f23f8546378
SHA1 7717c887e9833c7ddb5cebc4f7c254713a183b04
SHA256 46bb140606d7ff1d8ee840836f3f13fa672f56b15a75efc46584bb359bcbfc13
SHA512 838557d398dfa51368fb315398ebc5fdc7c9a74397b3f6eb2b68354c07e17923858c13d321c0687bda90e0b935cceaf384f467e7eb7c360655acfddda3e7b6d2

Analysis: behavioral3

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win7-20240705-en

Max time kernel

1800s

Max time network

1697s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

Signatures

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2112 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2112 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2112 wrote to memory of 2852 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\rundll32.exe
PID 2480 wrote to memory of 2804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2804 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 1736 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2480 wrote to memory of 2180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7c39758,0x7fef7c39768,0x7fef7c39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1184 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2100 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1384 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:1

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 --field-trial-handle=1288,i,10508301045250138343,16891695076054008752,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x510

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.104:443 www.google.com udp
NL 142.250.27.104:443 www.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons.gvt2.com udp
US 142.250.68.227:443 beacons.gvt2.com tcp
US 142.250.68.227:443 beacons.gvt2.com tcp
US 142.250.68.227:443 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp

Files

\??\pipe\crashpad_2480_LFSZKVDJFKRADJRY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bae3d876e1a5f511ef395573e9c4210b
SHA1 bfa13e64b7df7f0e2256004661e6b96d7564c655
SHA256 e45d17697caea92c177a9cdcc7749d7005c9d00bc0626d488a6f4b3c3c3353f4
SHA512 cbbe2ba183ce15c021898044e9d0084bc9af0b083686bc1f95db89af3fd58543b27f9e1fa759018a04d3452966f0d979c24d4abb3f30de9c62d9a825e468ae9b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RFf79277e.TMP

MD5 70a29339bb4ec19deb8a0bf9dd62bff2
SHA1 3a0ecf926a039121f1d9c1c0a3e1cdae1c4b578f
SHA256 f2461de8898da3bff818b75df21ae843982df37e21b5c5f57946dbda5772c30d
SHA512 c9cd24518eb3b8afc04bd70c97b40a3d2126f38423e7535c2200b6f9a55f7f4d5fc764d5ff41a7cfbd8d10cd6b9ed482a09f8f7b8865a0b213c442c23b1cce3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 062219e6dd74bf6eecbb16f62da4b533
SHA1 14283dd6e4b8b9c0991c2c763430f234587498b2
SHA256 df9987792a1110f06b79ae6c5ecefdbe0a8e1afdf4a65d132a6b491cfa29d0a2
SHA512 f87d10e571445a05108a7612088842c954f8f697dfd5083e39f0f74a34089ae83dd8c16a0b27da04cd04749ceda5461513ce0d53c77546d520074e9298f05f70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 09f44c76815590e7bb2c1ae6c38bada4
SHA1 75b9aeed90b9b845d5507bd6e29bc5fa99e36e28
SHA256 90ad0aa76cf668434f7dc2a36df86845d76995876f7efc16cef556ef6db7fb04
SHA512 e36b01ec7adb227cd4d809b03d1ba564617ca5673ca6c70de7e46a79a7aaa4ef1bb0778247607186cd04be8372efc59f7c7692d2bae02d78bae336acdc105aca

Analysis: behavioral5

Detonation Overview

Submitted

2024-08-02 09:48

Reported

2024-08-02 10:22

Platform

win7-20240704-en

Max time kernel

1563s

Max time network

1564s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

Signatures

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file\ C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file\shell\Read C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file\shell C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\pyc_auto_file\shell\Read\command C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_Classes\Local Settings C:\Windows\system32\rundll32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\.pyc C:\Windows\system32\rundll32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_CLASSES\.pyc\ = "pyc_auto_file" C:\Windows\system32\rundll32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc"

Network

N/A

Files

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

MD5 709681aa493168af0da85e4fc87b3124
SHA1 746ddcc6059ccef704e809192c4088af9971bc04
SHA256 0f24e8fc2d68775da5d2e8cfc4ee7e9fc10c7194c1446d1d747c5bf549480f3b
SHA512 69f71b659e686707cf93ed5eccaa00982a856c551d20e8a525c83d9ef15cfd7efa3e5f3cb9f69b5e041e29e1a3d74b66368688cc6a65a2d5ce7924d4ef22ace7