Analysis Overview
Threat Level: Known bad
The file https://filetransfer.io/data-package/1li3KsXP#link was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Modifies registry class
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 16:03
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 16:03
Reported
2024-03-12 16:05
Platform
win10v2004-20240226-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Discord RAT
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{E6CC4B9D-905F-428C-9922-5D831C021E6B} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Executor\Main\build.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Executor\Main\build.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Executor\Main\build.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filetransfer.io/data-package/1li3KsXP#link
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3ba746f8,0x7ffd3ba74708,0x7ffd3ba74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Executor.zip\Main\RUN_ME.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\RUN_ME.bat" "
C:\Users\Admin\Downloads\Executor\Main\build.exe
build.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x150
C:\Users\Admin\Downloads\Executor\Main\build.exe
"C:\Users\Admin\Downloads\Executor\Main\build.exe"
C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\Main\RUN_ME.bat
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\RUN_ME.bat" "
C:\Users\Admin\Downloads\Executor\Main\build.exe
build.exe
C:\Users\Admin\Downloads\Executor\Main\lua_extra\lua.exe
"C:\Users\Admin\Downloads\Executor\Main\lua_extra\lua.exe"
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17054411864015179575,17047875495865915830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filetransfer.io | udp |
| US | 188.114.96.2:443 | filetransfer.io | tcp |
| US | 188.114.96.2:443 | filetransfer.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1f8f9xcsvx3ha.cloudfront.net | udp |
| FR | 13.249.12.178:443 | d1f8f9xcsvx3ha.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 178.12.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | filetransfer.onfastspring.com | udp |
| US | 18.211.248.143:443 | filetransfer.onfastspring.com | tcp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.248.211.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.27.155:443 | stats.g.doubleclick.net | tcp |
| NL | 142.250.27.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.33.253.131.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s22.filetransfer.io | udp |
| US | 172.67.200.96:443 | s22.filetransfer.io | tcp |
| US | 172.67.200.96:443 | s22.filetransfer.io | tcp |
| US | 8.8.8.8:53 | 155.27.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.200.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.110.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geolocation-db.com | udp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.102.89.159.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 193.78.101.95.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 191.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.134.221.88.in-addr.arpa | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| GB | 92.123.128.173:443 | www.bing.com | tcp |
| GB | 92.123.128.173:443 | www.bing.com | tcp |
| GB | 92.123.128.173:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 173.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.160:443 | th.bing.com | tcp |
| GB | 92.123.128.165:443 | th.bing.com | tcp |
| GB | 92.123.128.165:443 | th.bing.com | tcp |
| GB | 92.123.128.160:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 160.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 165.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 204.79.197.200:443 | www2.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1eb86108cb8f5a956fdf48efbd5d06fe |
| SHA1 | 7b2b299f753798e4891df2d9cbf30f94b39ef924 |
| SHA256 | 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40 |
| SHA512 | e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d |
\??\pipe\LOCAL\crashpad_4260_NGGTTVPRNPYOBVLV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f35bb0615bb9816f562b83304e456294 |
| SHA1 | 1049e2bd3e1bbb4cea572467d7c4a96648659cb4 |
| SHA256 | 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71 |
| SHA512 | db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e9490cb-288b-497b-8ef1-dad6120356cd.tmp
| MD5 | 28ddff671af01f28946ea5d8735e5ff2 |
| SHA1 | 9d154d04e04457cdd8dd527cfff5b3d5ff873dad |
| SHA256 | 280f163ee79a9a3ac15d16cb6b2e046940a682ed235197f7f90de24e821dfe67 |
| SHA512 | a7068db03464deb41be6520f3522d486c2c0c628a6dcc7ffdbd2a653db8095c3df51403e7706654c298384ab899cdce00fe2bf919db028ed393a5fc3fc092e23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\Downloads\Executor.zip
| MD5 | 956e19b636b18bb0abac9466a97fc444 |
| SHA1 | 4eeed55dbd88b17b31030f11786d11d63eaf97e4 |
| SHA256 | e80ce65e2875c14536961cac4fec8860e110e2549fd03323d227117bdb9340b5 |
| SHA512 | f04a620a75b6d6f290e0e25aaaac478294d99a76fd84202fcf937f11d931cd810c5b11ec2c646c8313035d092e96c521cb1ee50b0058039178fcd1261def5eae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ebfd8907281fbb2c9daa94ad1327d3f |
| SHA1 | 42fd0a61c7a9f5ca4806fdebf86f978d7b11bb3b |
| SHA256 | c074e05ac3335fb1d43d6de7898ccc209dc1d5dcd644c183c73f1d2965dce77f |
| SHA512 | f865652ac2e2b231878f6fb7808924c41b1ffc5e7ce72f83769b9d1f20e78fdbf118d6c316ff22c4eb82600fff16c0fe9f6d04c2770ac4ea5560aee95327701e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3290ff1df15868ea9459aff8760af593 |
| SHA1 | c8a18cfd2b978e1f71e0084dc621ef3fd2723f17 |
| SHA256 | 879a06e0e46b2771ebe13b839150383ebc7597d061f0c2ab1bc343af8fbdeb68 |
| SHA512 | 884cfd1b768148b1e192e30124f893bb1c2b2d73c22faec0f5804390db611022388cbc616c424c11a5ae15c0028beb45a6dab6d643e02e6e3832a4ddfe16a5a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 900fcc36c80f4359a290ed8154b1ecf6 |
| SHA1 | 4b650afc75cd33babef56c5aca9af757b29e6883 |
| SHA256 | 38c129cc85e3abeed0d9ade5c2982bdf3c5866072b0c6da3f9466e29745f82c8 |
| SHA512 | faea9e70fdd2733d3e638fb5aed8a667306914a167be3828a358b3f3786c58826da40fc34ea5c924b4b12e0b3b70fd012c0e4d8f2c1af6891c71e2513158e09d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 92592b5329235e809763318f2a31612c |
| SHA1 | 0dd6ee877c18477be6cef771a8ccb31d5cfeae9c |
| SHA256 | 99ceed1a287c1a2a2ccc8d032fbd6abb67d350320846411dd762e19094f525bf |
| SHA512 | 25c6dc557ae07a471b5d656dbce92b2cf128bcf7ad5e93782c86984ae0666441ae955555285b897644ac192c3681ab07f6fc22a8e3446688ff751f9fc5ea9e44 |
memory/5888-119-0x000001B204B30000-0x000001B204B48000-memory.dmp
memory/5888-120-0x000001B21F150000-0x000001B21F312000-memory.dmp
memory/5888-121-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/5888-122-0x000001B21F0C0000-0x000001B21F0D0000-memory.dmp
memory/5888-123-0x000001B21F950000-0x000001B21FE78000-memory.dmp
memory/5888-135-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/5888-145-0x000001B21F580000-0x000001B21F62A000-memory.dmp
memory/5888-146-0x000001B21F120000-0x000001B21F12E000-memory.dmp
memory/5888-147-0x000001B21F0C0000-0x000001B21F0D0000-memory.dmp
memory/5888-151-0x000001B21F0C0000-0x000001B21F0D0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_566CEA45C5A84D53AAF4630FD0318604.dat
| MD5 | 4c0cf994d83b39b62be8fd4671f1e4e7 |
| SHA1 | ced6977dbdefddb83c9b3264d9d6a516928758ff |
| SHA256 | f8720717d55451885519d36ac80fe6f95cb01b2d6bb71d59ddc062167174ed67 |
| SHA512 | ca2d04d171acd5f5f2716a93494a7aaf44eb38c7ad43d8641b94e18c4922718b6b96c2f56c5f7eba6bc03ff79f81ae731c28d333ed78bd8fc7f227dcb2d3c3dc |
memory/5468-158-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/5468-159-0x00000212A1C10000-0x00000212A1C20000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d480c6d6242395af53ad5ab038e00153 |
| SHA1 | abcd7259d06f4ac43792e4ef09b99abf47000c29 |
| SHA256 | 43b82fcfecfaa9fbb64e22437848d870485ad38c6c5b06caafa94fc8bc391359 |
| SHA512 | 9d762c73cbe1f04e4b769d73fc6de25f8dc1f3f1a167bdf6127d2c9867565919e406b571f75d5c1e737cc87df42ab68dc28c9bcefb7fb9b40c939e33156d191b |
memory/5888-183-0x000001B21F0C0000-0x000001B21F0D0000-memory.dmp
C:\Users\Admin\Downloads\Executor\Main\RUN_ME.bat
| MD5 | 6ba539a80c1ca6cc38677f419ae51d7d |
| SHA1 | 2f592e7d286d4af325b4062affc0ce74ab5842fc |
| SHA256 | 241d6b996f851c99018599915e80e40cf92f930190b6e23831ca4469e967e320 |
| SHA512 | 6f1bc4a697c69d236dcfb88cbb9912b0d4d972b7c64f556a60ba448c11b0311be3e74f3ef1f38094b3ee6335210827db5f595913865f6762c8c83fceb0411656 |
memory/1944-186-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/5468-187-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/1944-188-0x00007FFD26480000-0x00007FFD26F41000-memory.dmp
memory/1944-189-0x000002AD9E4F0000-0x000002AD9E500000-memory.dmp
memory/1120-193-0x000001F19BC60000-0x000001F19BC70000-memory.dmp
memory/1120-209-0x000001F19BD60000-0x000001F19BD70000-memory.dmp
memory/1120-225-0x000001F1A40D0000-0x000001F1A40D1000-memory.dmp
memory/1120-227-0x000001F1A4100000-0x000001F1A4101000-memory.dmp
memory/1120-229-0x000001F1A4210000-0x000001F1A4211000-memory.dmp
memory/1120-228-0x000001F1A4100000-0x000001F1A4101000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a50634aee808704e8740ee57bd80406 |
| SHA1 | ebc10cd884bb6b30776977377ad5ed28cd8d3128 |
| SHA256 | 007e50fd80e6e55069dfadd00e886e5ee7c4d64edfb5655f424a51faae2dc2d5 |
| SHA512 | 3b1cc9d71ff7bbb4efa82981c30ea695ad5066701d28d4cba515f10d82af488f9b89a80579cb4bc66996a2e497e75ce111b849730e171d0bfb2fe7e8d006b868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74223b215039316bd952beb2a9eb3c14 |
| SHA1 | 8e4c3153fa784fce7dfcaade7d341a0bbef67666 |
| SHA256 | f30959e56eecdb4da45a5b2e1d6d24216abf6901639717a92f1b75b6dbaab3cb |
| SHA512 | bda60b7932b896b772b3fbf06e3b4d9491126fe35e7cc976145b7d5d01e2180e6bfb69ced68ab01bc290d0163500fd7123bc139f6f6085918c8435a5ae86526a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 70d19d88590df9a2cc203ca916c98562 |
| SHA1 | 5aea6c64fb2b5f5dea8a973b7205b86463abc77f |
| SHA256 | edd10ce0484b1d0c4dd02b95e5da57366ea88931ee239448d31036cd94dff4e1 |
| SHA512 | ece289b358b69a30b51c9f3e7529f4d3030986e1e730a14a2e3f881095e053f74bb2c60c0d52087e679c20282935c40067c3c5d70f7aab6263df3ea47caed60b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595ae8.TMP
| MD5 | a0b039a31765009a82737428e943983e |
| SHA1 | c5ee7fe416b89dccada13c8e453f93840bf4b627 |
| SHA256 | c9470b787a4eb7eb79898d28e18c55e31782b133984dc03e97ae76499870e1a5 |
| SHA512 | aadf36498a86cf24fd724a4d7afd8e5a08be367a01a354fd34aa31b9891a541d46eb39f1fefed7f6bc627bd2204696aca75ba7bf188877c151864fa0822c63f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 88a552e6be1ac3978c49143983276b3a |
| SHA1 | dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423 |
| SHA256 | 927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5 |
| SHA512 | 125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | e51d5a73c3611bb52db26942a6cd26fd |
| SHA1 | 8a750003a6fd6321eca6624012d638eb71edb5f3 |
| SHA256 | 8a35d9b6767a86e337309319ca907cb0837e4b836f82143c58a02ccc94a11e7a |
| SHA512 | 597043744a4afab83b63ed43db92bbe813e6003844d5f8beb4d4e7f52cc4e40e3af08621da4eca9407d4ec5db114f03964c4d35bf3b94dac8225bbf007659670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 6fa864cce0000aff0d1afa54513940f7 |
| SHA1 | 38fbf15f58e009976387165f49d3273f4a1b5037 |
| SHA256 | a692ca9498ec28c5b2a01c28d0d14fcd5039b753c34b3f18c2d35424fb04ec6c |
| SHA512 | 2eb612f54d3f2deb2a88ec465ac4c279bf1306b4ef5d251540356b5e0904b20fad8f0f4d4739b9ef32143ef3337917d499d1146bdebe9d7c687cf65a867ddb33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe3332119214e3bb5e52cb962a56c15c |
| SHA1 | 5a0818d5b40677d48bfae3221fb3b8559d202b01 |
| SHA256 | 9a99cdb2f43998de60d6dcf3cad20b5491f89d7eff857fc513847b28fb883d26 |
| SHA512 | 39f7a43610e3c755789339fb5d7e47d6a7f33183a57f87e63154a19b3b05d5f5a176cd7bd00b7d44f45fa08f99a869d647ef10479f6fd81c7bdba611b40df7b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 23d72f063e2d366fc86ab758677f01eb |
| SHA1 | e0fbebaac6624e23a60b5f9f2f8fcb0258fbf2ed |
| SHA256 | 7a1967f3800539d0a09d9a1c81b9025f4439c7da8afd94dea6344ec36ca9cf1a |
| SHA512 | 47f17a32ce16c5bb979162ae32f0153087beee7e94f67d33d6a06625f5d9a8d1e637f592f60c3e65f7207d99dcafef738ca114457a9f19af95282f8d1d5554d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 482b0a3cad7529e6e2ee52b33654b47d |
| SHA1 | ca14fe5e634e0e4d03364c507acebfb1bac50960 |
| SHA256 | 4b421272d5ff25fed5a84ba1e3b79c490ca7c4554957e6a9e4352784af36c85f |
| SHA512 | 0034f836a63b23ee1d4fb296e5b2f7506996e197d2788104f2807d8859500f8f3a1ba6c284d84262e9ad4e2cd3debd091bf4664c60b238831b0f09ecbd9aff14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1555336c7a15d07ece7b72decba72f48 |
| SHA1 | 6c7ad3908604a546ffe1988f22a814cbefcf0749 |
| SHA256 | d1357ef476bd99fa8734f2caf1d197c7dcd8a6160c9fa953eaddd3978c8a20c6 |
| SHA512 | da2eedcd81676bba5df9d62e4cefd5d7b3896c125a98d1df554faab753463b005f98b3103f32444a6a391b4d5dced6edfc67bce5f5926c36e625f281e1d98fef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 605b6d852b6604132be1c1bdbf1a5896 |
| SHA1 | 4692d1f661698427ba4c4af6988c8c1f933c56f9 |
| SHA256 | fab765ac8fd48b26ea7fae12b6d027a9a6ce21f4059df4012b874f04a52a458e |
| SHA512 | 472a63b6c97b4ee8b9f5dfbf237ecc0664b64a9a53548ed795efad09f84d8a01fb11203f302b22d3861db8c81810642e0f5811ada65a4ae053c9f90949f29091 |