hxxp://google[.]com

Analysis

max time kernel
960s
max time network
1036s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
163	raw.githubusercontent.com
164	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{7AC32F26-BC7A-4DF9-BB08-FA0F90369958}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4992	msedge.exe
4992	msedge.exe
4184	msedge.exe
4184	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
2172	msedge.exe
2172	msedge.exe
5224	msedge.exe
5224	msedge.exe
2324	msedge.exe
2324	msedge.exe
5072	msedge.exe
5072	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4496	OpenWith.exe
3408	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	316	7zG.exe
Token: 35	316	7zG.exe
Token: SeSecurityPrivilege	316	7zG.exe
Token: SeSecurityPrivilege	316	7zG.exe
Token: SeDebugPrivilege	5156	firefox.exe
Token: SeDebugPrivilege	5156	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
316	7zG.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
5156	firefox.exe
5156	firefox.exe
5156	firefox.exe
5156	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
5156	firefox.exe
5156	firefox.exe
5156	firefox.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
4496	OpenWith.exe
5156	firefox.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3408	OpenWith.exe
3616	AcroRd32.exe
3616	AcroRd32.exe
3616	AcroRd32.exe
3616	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 4916	4184	msedge.exe	84
PID 4184 wrote to memory of 4916	4184	msedge.exe	84
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 3116	4184	msedge.exe	85
PID 4184 wrote to memory of 4992	4184	msedge.exe	86
PID 4184 wrote to memory of 4992	4184	msedge.exe	86
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87
PID 4184 wrote to memory of 740	4184	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8954746f8,0x7ff895474708,0x7ff895474718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4768 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,11584706619730662103,11356398812125065807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1340

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\42 (2)\" -spe -an -ai#7zMap22051:74:7zEvent6667
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:316

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4496
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\DiscordRAT.py"
  2⤵
  PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\DiscordRAT.py
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.0.506810733\1916917313" -parentBuildID 20230214051806 -prefsHandle 1780 -prefMapHandle 1788 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34ef74dc-ff1c-4f00-8c99-50f51e5c536b} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 1868 25ce130a358 gpu
      4⤵
      PID:644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.1.725022557\1148250398" -parentBuildID 20230214051806 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb241306-d25e-4c0e-810b-60aa38ffdbf0} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 2460 25cd468a258 socket
      4⤵
      Checks processor information in registry
      PID:544
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.2.666121135\2048726804" -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f594cb-53e5-4038-ac1f-50ea3f88764a} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 3024 25ce433c258 tab
      4⤵
      PID:4656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.3.523910101\1287218466" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44c42e4f-72c8-4cd1-aae5-821fa4033692} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 3584 25ce5836d58 tab
      4⤵
      PID:1256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.4.668072511\146671341" -childID 3 -isForBrowser -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {069a698f-d0c2-47f9-be0c-2864ba5358c3} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 4988 25cdfe4b058 tab
      4⤵
      PID:1980
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.5.1183554326\334514297" -childID 4 -isForBrowser -prefsHandle 5004 -prefMapHandle 4908 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6944cb9f-3050-4240-b955-95b6e5a8615b} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5108 25cdfe4c858 tab
      4⤵
      PID:3332
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5156.6.184673538\732788909" -childID 5 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8fe8965-d58a-4cae-bac7-17722f530fb9} 5156 "\\.\pipe\gecko-crash-server-pipe.5156" 5288 25cdfe4cb58 tab
      4⤵
      PID:220

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3408
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\DiscordRAT.py"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:2472
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=64C759187B100B3B90D2D88DC5FC4209 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5128
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=286DC57B40B0371354381C4903D16A0D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=286DC57B40B0371354381C4903D16A0D --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CAABB325D3E5BB6CC7FEDD82BE002315 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5400
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=306F7B12CDEE0FC6C05ADA34BEBDF80C --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2392
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1A014516136ED9ACB7BCBE13104BCE1E --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7b41ef70-9776-42ec-a388-43b6aa090a0a.tmp

Filesize
1KB

MD5
11c1b155ebc7cba6afc45179aa495b5a

SHA1
065f84acbcf5ae0898d0452313a452ee3473e3f7

SHA256
2a1cedc8f0faa1cc71d62a9ac3cb46d896821d0a99ec294965e70057f31c9a3f

SHA512
724b375d92acffc3532e4b77631eab71c2e2dd2548fe601a66bf937e94b1a8cc616aead9fdefe39bdf73aea01e146af003809a062fab72cc3c92897753be3be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
43KB

MD5
46b6ef2093b07b6333a72ab5113b6452

SHA1
566e4accbc76afb673614f4c8b0c2ffe281e89fd

SHA256
51be6ba8611f6a3bf95002fba48da012cd9559e0667ff19176a08150e429aa9e

SHA512
b19712a582fbb03f57ec1c91e28403076fd7aedf6c7b64cd255b3ea6cfd806df919423da236fd78aa39e78b5f4ef567e41c5d56002bccdc9338857d64cb24ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
48KB

MD5
675c3cc9eeb511d43db6635bf1b515f9

SHA1
b5a3bc916093bf35af9cb26f45f79c229db4d70b

SHA256
827caf07904c9ca524acf5d97bcaf1f11c84ffdb1fc2e7f683e1dc80648ed58c

SHA512
6e82a416ca6d79ed2402382326d8621d9828b420daad5ff0a93f2de13598213b52ed7fc9f6a59dc6bb71bfb6a1bb13be3d54581e2d26ecb0dbf0bb2ecc894197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
24KB

MD5
6165a7c774d104653fee619b4ea77fdc

SHA1
214fe3e58449f886e78f2a101844acead3502236

SHA256
e6cbb4d443cab3632935bc1284e7691409e4a17d5e67c8b401b831c8dedcd773

SHA512
0d95446139983a568f9cd3d18f12eca05fca44257c6644d6e894a13d94e654a2c19accdb5baa4c513a69bd3ec97dbccd143f1290915f13c5c39d0fab478f1034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
21KB

MD5
b06fa3dfc52a8b8307d2b0cbc039a5bb

SHA1
26588a72932890663c6316230f630e52f5038fc9

SHA256
2ceb1cfc5718d43f62baa9b802554f79e4029384a625c01eada3c508a3c518ec

SHA512
271e62ea541a0b17c1e52dd79bfdfc35641abe1750013daa237441e2751839edfccde0e42f6f67235989d608dc27094c86c442c7c584248d0b9ad251edf57837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
21KB

MD5
32c05a2648fa581b2fddb72595c036c4

SHA1
61ad89a62722501be68af6a4ce20dd260126095b

SHA256
0a525183f268409566c99e6217a87645908306df7dcda16a45adfdeab84ada50

SHA512
9fb37130d69df1439adb0ee4751b3ef8520fab2400abe2c3154933ff67f3b01b45802d7f6b7a14a0b4360509ff05d53dcde3b18534280eec21b4e4e31b7ec596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
24KB

MD5
dffae597264123f497897e41c5769902

SHA1
cdf8614011681c3bb32a683b9b47639e73fd9667

SHA256
f6402c96a60f368920ba4fa44b6e0e6607d763d9e1ab2be04c7518cce9058a26

SHA512
30e31a2061d1d6aa7219929ad32b5ac8b7e87c31de55fbff0cec5bdeef1148c223ee6a5aea066950fd7107a50fcc91bbf66bf477af00c93a1822ce8b645072b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
21KB

MD5
12b3b06a215a92b61047d4d676009d5c

SHA1
bfaffa1420406892f96c14563413c12b22d5578d

SHA256
ebddde1fdfe55665db44af96d9a914ea833d5c74b510150b0aafcc6598c8ec72

SHA512
5f597b93c1bd9e9be7d7aa42ec1a69d1183d164096046af276546f907c7796cd5d1ea80d152ac8cab76f1ddf3a6e3d51ed74c6dc97d467a4f5519dbad8d42ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
40KB

MD5
d03a73bd100338b51992a3ed0a7b7d23

SHA1
96c9bacac693dcc51a7308c3d8f3d984d1eb703e

SHA256
1027b3377c7ddac5728a4d3a82856de1ca7841829fa649a82bc80a9de05cc77c

SHA512
8d6bb19a73e9e5b3ce8db3344bca8b0e8f50daef432d0fac50e6797c1598e27f2e92a9e8c482bdb1916f0ea7e8754510f2691f33ca071584114e2963e4face47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
1.2MB

MD5
be529a907c265364aea60b32d2a6b43f

SHA1
4e36681dc58aaaa130238083d0aa43d4604019e8

SHA256
1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd

SHA512
37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ea01d9ed7e88907_0

Filesize
8KB

MD5
ef38e1cd36616d6ac3a599ccc4305dd9

SHA1
ff73ba9d76c4ab106e03e2d1d4cf1d112387aa52

SHA256
efa16a8eb225af26f2a6ec63ec7ce22b7f2e00bb6bf9f36854b6738a98565872

SHA512
b29ae19443e8306c40acf1caba0fc5fbdc6de199a71367c270bda89b7cf81e3a5c585490cfa9be4e51fee104ca45b07c539723176a59199c35cc89e7916b7c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5d913c8fe37f7e982fb607b6b336dab4

SHA1
27be2dfbec7b8958f11fad5bb9c6edacfe825cfb

SHA256
82c105ed8eadbe9fa0126a160367225eb5e8df11f47b9382b895504c5119ecb2

SHA512
04505fffe8762510283b112c3ac0c28a62a3fbc3d5d0ad416969b8ca8400ecdc7e6ab902580048bcde5fa97cbe5fafdeee16e90e7a6e3faeb0e998a8223fe92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
83bfae797d1ae22709e34675330be6b8

SHA1
d720c68b297082ab0648ccc6c3492ad70c0ddab6

SHA256
349250aad763fa4743097e56d00970187a0dbcd0ed166b739bc2176b16983036

SHA512
7d6a5966117f44d95d073244ae77b9b335a11e16fb534b44e5c86c2a271ad5a7aec008386b47756591a427ef0cfbb34b9e38d96c1f4cd04438c13034493f1b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3f7de8cfc5b9b0a5493b5e36d670e611

SHA1
8f5ac2526cce3b1ddc91902f6c3fa31f46792e16

SHA256
d6201b2b5e0ab4feda582cb0ef2fcad83d4324dc0d7c16f2262d75feb2f5f048

SHA512
d516cd95fd97adbd96873439ea1711718aed584f9963a708cf9b89978e2a3286c9460592ad473bcf5ceb6fb1a8a23b99036050bc556865c4b9cd242954414f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b4def72ae07a3ffae472629b0efa3c43

SHA1
38e42725b4b08295881d34f48da7a01fec4d7bf1

SHA256
f886173306bf29cbbf7d8c144a26d1b5feebe5436b29e663f048162d8315edb6

SHA512
68acf9ddf75a049d542148ba3ccbb4f2a45d0313d3dcf3da2882673a0483bb77d6ea11c1b3b55106c606315358bd7fcdd8ce9db1e5aac337e18af0128d74c4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3765b15678838c1720f2618fc20f1a82

SHA1
d3b821244dd3fdd3b9704897390c3cb7bcaaf776

SHA256
a3c5eec0ab0a233ad64ac580b6a890cb3b75c76526188118362b291afe095c9c

SHA512
6b75ffd963e12871f69c3ce0901f8478e618d334ccf190ce8b6e87daf08e8fb66c18e1a2b111bcd19f6e35bec9715a1ec7c719a4bfe9ba68c2d2106c158236cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ed111898eb340c8bbf6aa13f76a9a513

SHA1
34408c51649d4899a9d4f9bb5f99249e8d27cabc

SHA256
32ebe97efb53878ed1a3ea09fc91e52de3a1a9457cc994909a268025dcf95052

SHA512
8366d7a35b6866b6f2482166947e54ad7d182e1008b53480c784014ccd105472ef106b5c62aa61608c1c5dd26468eef153f487d3c7b01e2c1abc22618cca296b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ceba35d6acc8453c7e6fb4e2904ea84

SHA1
63432fe034c8d60fa0dab5002505ab15a9cc1f71

SHA256
bbdfbfe647a93f9b1f5c4206217c95dae51e3bb54ecb08be37e0b615cb10e57a

SHA512
048d1d4022bfbccf7b4283cec5116c826de24749c45511fd1d0f588b4520f6b0edac882b06dc397e2c20d73f682d39aaa47ebe22f468ac9f7b128406bf3d43b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa6334a784cc059f6fbf481d6a0be6c5

SHA1
123a8ed4d1bcc80b870210306aaba8088726b0d7

SHA256
a12c4f22f5224cc779fe25e0e872b1ccec6c45c9b55b74452cbba0e18a3eda50

SHA512
3031fafb1f2656bbd8eae3ba90174202d66fba3bf2f68d573cb9c80a68af068638d9d3ac1570e3ea41674f32478ffebc58f3addc93ddd12635e1676d0089ecb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
386c9221ae08a895f85d2273db0215ec

SHA1
86af163258b55611e0cfd287ba8d17b6ce6fa209

SHA256
6edd9e567a972d4c41a5bea33796fff3d464ac2e1bcf66b29408098f429ac75f

SHA512
53ae4b8c5fd480ebb16ab1a607389bc8e567f5b083a1418fb7e149e043d2fa8e93069056f52c27df0960288636c8dfb2657ff259573dc66ac38566170a84bb0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2782dc059ef412af93dba92989803e09

SHA1
8f7f9f0032687d8674cff5716b8ddb003dd10503

SHA256
464d66ace9d2f1634156ab697641a5e68db1c4fc15fbde80f5ee08bf7ddedcb4

SHA512
0151a84362c74690b24bb6f6b096d01f692451b4a0c241f630bce9ccb3d1a5d5e6ccc55c56ad1d5b2fcdfe34023a881ea09fcb8a14756c33c7d54a2d931b9d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
69a2c1bc3359fb06dfa649fe9576dfd9

SHA1
dda348efe0f67d3381ae825af375b1fb39e92236

SHA256
3ff4249015a141289d8d41c78b24da28de5c31dd373a229388ddeb61a550c110

SHA512
e9ee8f15913c9409b25a94a4ad48722bc44079a64202681df58564b7e04f02ab90a9277bb8003c4a77f59245dbbd951e41939abe09a67143864bdb8600b94750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
52a30b4644bf86f70308f5e4cfeb3ee4

SHA1
b4a6cd7c8a5d69c78914697d154fdf3e2efe2199

SHA256
21bbe5d02fb632c1b807b535fca4fb439d40fd341be272fd886291d348563c12

SHA512
2ed7c3484afffd3e9fb610f1e4e251cb96b31b8b8507e1315572f46da3d02ff28e2d9be903e8be7dfa8aa48e694ed9dcb4d06f4b64f68321c2f72ecf4c1528e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
207c589cad4b7b75cee4437e433c2ab7

SHA1
335a25b1e401019ab6d5c7e8f4712ea196d6f3f6

SHA256
f3f9aae7f79de37ae016597fcc0b81a1872117d1ea6cdeec77795e7d2eb429f9

SHA512
6ba19f0ffc7e347290efce7f55e6a77fe3ee89816d3b28be8ef4445b837dad3fc55715cbabc0e725f0fbd97c9a6c42a1e480de665adaa561b51a74904a7402a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5cdfb49595e7163822b967559e9b2098

SHA1
ac2533a74bd823d786772d41b0c7d43d9851c9f4

SHA256
73913bc1255f364d40f1dce1a0b39103f31e3fa36c6e50cfbd53cd25bef9c29e

SHA512
5d7ae7b968d90d18818b8d4f13794e76ff19f8f7252e34128a9db85bd4152cc039b3bbca8d33c4defbf55ca9568288a84a5fcf8809e72a948059ea1cd11218a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f7d9af386731c8d57f81c296f4358afb

SHA1
0223e5b6c74940008e077887f169d662a6634d45

SHA256
d5b7ce6947d0141adf9d2b50e03d9249fee6d7e84b6549e3284abf15da3f0ced

SHA512
85e28243deab0c27cc5ae1b4811a64ba806f0480e9baf3f54ee4878b27febb5ab1aa57c94409e2b9c17ea0b53991956b07fba7733bda3b15cf5fc2ecbc7f7750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d804770df08e668870be9e003743197f

SHA1
43ff85ee6b9652072521fac9f9f6a84e3e1488c3

SHA256
3c27cb74be9f331815c41a026e21f4f6be6ca20055cae24c29edf04fa7b9f3df

SHA512
bbdee52351bad76b696e98dc76d8c71e64c5e32d9717dcd94f43db170332e1b17e90df8806431abc7a6f4b9e41aef390ae5b781e3bd84d98a18a7702a0667f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
73472f56ae8bf64115aa76016b76018a

SHA1
022cd9bf4fb60b2f05300b1cf7bb8226ed747824

SHA256
dcf64cc91dc005db2d33ad33571ad9a8f9a57b3e7008fb8ae9094f88cbf0a957

SHA512
9425cdcbec73cf456c7c4a12340edb75da5e68e8fafae2672dd2b34b4e2e0853e7fe740a83bbfbda4f09edd7b9fda244031b5dc844606c2c62f9ef903e8ce7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5774d2.TMP

Filesize
90B

MD5
906304f5b0b835518f1acac36d34b83a

SHA1
1a2be0d407690d29c38f962512acf61cc0ca3d67

SHA256
3c356cb2ad3cc51eef326ceef8cb17aec4aadf4a886ea4089e5f97330e7e5945

SHA512
073051da3aab0330ad2e1783a51491c6d718387be1855893d57d7a31fc7e8867f94379da6698e087072cfa02f5b5f72093da46701477b63c7e28f981f462dfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e09a5aa9210d955cd0d2e03994021d3a

SHA1
2b84a026192a682a3e258397933a4d9bcd9561fd

SHA256
e793eb8bbcb8ad7db27a709123870d60d56cd72ec071b1bec22f576fc3a7eec0

SHA512
9b4afb36baa19620bc42217840602b050a9fc05719eb7bea4e34dc2d532227a1edb012ecef8212e92bb9e40f5e18454f5e3980b61807e176dc956c6eb92e4b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63625d23ee70672728a5866eaedb344a

SHA1
e080c4f0d7987145e302d40ad109fa8dfd680d08

SHA256
bebda09b7fe6bb7fecaf270567ff51e5330f836d8948028519dac9ad5cc9e57b

SHA512
6c6d9bb0919e7de9dfa08cf4a5386c885fdca202918462ee5783a55e0ad2453a2066c2023faacc14d36f68bbdf79ea487921592a84bfa51daa8fca523f7a38ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54053e39b1734f629d39da2de19877e9

SHA1
4299cd32ea70f8bfbd7ba3a2cc8d8fc1604d358a

SHA256
b017c66244a34b0efb74444c8ec56e31bbb4c33636e87c13ff0c9be4204c276a

SHA512
3793d85b3785f53b46f70a6e2e4c2db535d832aa844aa1d1ca9ced46767e7d839e7f30960405a4855a584b8dabf0062c6392184291ad262c42b3c3476a4fe02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
426b60dd9f86c2baaaaf11199d6a7bc2

SHA1
bbc17d50421d95ed9e746220de5d29cc7cdc31ce

SHA256
531fbedda9bf3a41fd8f822a4673165898112b693fa2235acb1fb999b143f14b

SHA512
e9c105876deb00c9524810ffe6a7dd73e90c9b686acadaa025e9a87ba2a1f1df18119a143eadb60747cd188475eb20d155af19e9fdc541977159a3d4447c274b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
120f1fa32b47ffe1ebfbd64b20f5046f

SHA1
c8be3f0e3845d6de87db51eb5ea1474d7736c053

SHA256
d67072884d539be3059233a5b3cab3eec2264500dddb69a605298d7ffb5c49a0

SHA512
b8cfd0ea5a2d2522d5dc009b63c5b0921b3d88b9e4aafd125c58a5ad65116dd0ec15b532d0970de35fd1aec92cb02bd1aeba469acca2f76b4b81ba7b0149e4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
899aa5367a4676a5782a165444d02bd1

SHA1
cb641fc39052875d7e85be4148554a02d8662827

SHA256
99fe9d6105efd9d032c465fc0f4c6fc17247ceabb6003486490ee3329fbc0b27

SHA512
75f4d4cd20621ba99d3e2552782ac540d01a01160c804050b6467db9b9c457709ac29f2789609581851fc327c135e852d51d813584dda5cd9d60b6987389acf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
291fc05fe5ea80063aedf079d1fc44b9

SHA1
a11317920dfa004a9ed4e175eb58326e7c1bf636

SHA256
e29c1e235fdb3d4bf9b35efca7acf0e36d2921a369bd3346a24c6d9fa06e8dfe

SHA512
f65057fca9647be0e6ecaaa58d0962e6be5c16e8c8558ad3c6f2c14bbf211affbe3d0ff34a2769529e0779494dd3ce188df480796413f6aaea639512b22604a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
37f6c44adf4846c0223211a94a74e3c6

SHA1
bf1db777a2cb2a3e2e7f688f44967be12bae2816

SHA256
b164b80449775db4309ae18e57fe532a044ec2082950e6aab23a965bb6d58b69

SHA512
1f2757ee2de4ee8dd37dca636b24476d664c78f9e2cf65d128affc794073e430c5454075a914eaa3c28538ebb22522c15c858eeece63fe70af2b0c5603a8e21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
592b67678e99d6755c72eeda341d495b

SHA1
1280f84406fb5536e064c5f7fd9f3e74fdfea3a7

SHA256
c264f033fbc781f203c586329eb503bdc75e201402debe5153d4ea0d066a12f8

SHA512
16bf1ff8e18f694f544a21a24c845a0fe9cfde2b1ccd5c5276c81b2b4517c6ef591224f790d93d93057300bf4c79d6719a7086e2a20a87eccbadc018d90968eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f7e225718daf8049677bcce68608fc8

SHA1
586c806e774b5cffe89278feed5ae9de1739eace

SHA256
3ac2b2065835e59ba962e4a49aa46e0118ed697491ad8cf1c8b18f329cc4ce96

SHA512
d4ff80467ff593f7a7d47a96a82d0afaaa958420c5eb2c3126156dea451d9bd9696fbd774a4021129ba3775c97af2e7a4c0cdac9c0331748f17b95e9122ea930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53c416aad0a5b829f6e095603ce2501e

SHA1
88cf85a56a5e7d527b98e51ba8803e280ffaacaf

SHA256
a076b45d54454e637eb6e9890c013b42d1e718b6b3cbc0041121686300ea211c

SHA512
f1f576123a2b8b15b34359353d9f301ca7975e68312cacd57ad97b85505dc8e502b9172827fa7448e3e172e016387367434a7f74b5d521995e2792685fb28970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6e378900ecbe37beb5b8b5a06d870ace

SHA1
3d175bef5c6bee8d8cb8ae377263c8df41d6dd9a

SHA256
a8984a60570731d483d13dcb6cd9a8742a6d862d5b3be20433c488038852fea8

SHA512
e56d4912564af88daeadcad07c29463ded8de013b05f29b7dd31b4f324b81653d40fd96e2f88f3db2f7849e15ae41abf32efc6e77f2732d4d2438b0d06d7614a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ed259c8c7d6c0879da6dbbb5410eb7a

SHA1
3c5ebb7b87807e2e345510d84f29070abd2ae9e1

SHA256
33615f590bcb2f5a8cc9ebdd60d027d3faa54a18b5339447ed3bd0b255591df8

SHA512
f07ebfc9f73d7816947f755096d362297d0f5522c5c97eb9ebce69730d857f7018cacc86bf683a8af8463680d263711cbcdd29d17334bdc9449f8b3a859c4f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97c737b35f4d68fc4202726ac31813b3

SHA1
40f3067bbde2cab2e7e3c9b15dad141822985633

SHA256
8bd9c6aa67f07b40da2f4a13095e98a82c79cb90502fe2682284619c878aedfe

SHA512
151583a13e5e53d737483358f9f51f565a345b32e37260bfbf74a27ab741fab46f2998f7c9852b37882f0759f7a197eee942548eb664ebe3e0a295d692c6393b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578e36.TMP

Filesize
204B

MD5
ceb46a40fc98d2703aef282efa83a49b

SHA1
00c1ea0387beec704f2976f5aef8b889befde739

SHA256
781fe8f6cedd886a57da03dea0f28502bbfd80c64c12367e2008aa533c29d0b3

SHA512
92f48c8d2591ba15e9403ae4ceaaa905dd5b6ded92cdfc47aeeae95502ce28e461b1b1d335b0a9932b2497755462cf8f58579d24cda6e014467367648c3bba5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
18922cc063f38e8af7c478fc1edd4ff6

SHA1
872ee74cc68edbf27bfac08a9fcf7ddc7bcfd42d

SHA256
08a49ccd1aeae25bcb786f3bf4123aaf9cadbba90dea1b6ff3ccb1aa1f9eb154

SHA512
971bb25ce73725bd40075efae98f5af149f4cea2fd13b974edbf910a64055efd3010307ae3ca3161cef4fc436f854686aae022f0d41a4dd84f61b516ddfa86dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5cdd015e15c8da7cefc7586bc34ef76b

SHA1
e55f41655c48e67c87416fa2eb29154e6b37b837

SHA256
7a08308b74a0ff1da0794c3811d6d058699d057784dace85949d3faf6dcd039e

SHA512
800437ab580125b1dbc65c053474c3aa91221301ae36b175a60386903101adfc19946ba2d610c92999658f58dd2c4827f693a64297698eea9488d69e73318a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82bdebdf58c55c1ad1e609142de3ed71

SHA1
1c636229d39747eaa0201b3817e836c4267ad009

SHA256
6443954fe5dbb214f3f06ad0ce1f03a585f14ed593c5540da78733aaef2a4bdc

SHA512
5c95917d91dc3c266397d4d257ec8241ff881b1c3ecde003b459b4ccc444cce8b1de809f0b74ad2a305eac49695cc908da41e47715bcf96264c53c1df720f615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7659795dec86e7016cf38c00d487bf51

SHA1
fe4d75fd4080abf930bb689fd0f9b0c9882d51f0

SHA256
895aa20e0b47b7fc25e03c1a720be7ecf523a0a79317f8c68dc95f6767e350a9

SHA512
759ebcd33f4b007c457fefe0e3458776b50abd9307544ce6ab114f3e336833ea9ab7b5b909f3014a3cfaebc69a5d39b846f35607ff9ccfaac12b00f83a62c7f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
bd99747003aa16cc64c5f1e93ae6d0df

SHA1
e74320f3c1e5938bd8b03402622145eb23f9eae8

SHA256
ddcc6a5da5d3eb5a92fa8d63034ae50c6b385b00527460c844fba17eb7d9c385

SHA512
ff55387b751b2c9d1b0a5c1458cb069f3e8eea352f6ea2344d0d33120dd47a39a341b049e26432c2efe3abc74e38320d27db083825378c326059f0a5092ffd26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
6KB

MD5
b097f836158ea31f9bda3530bd3eb9fc

SHA1
a93f816248427124670ee1a07a25f66b65d44f4c

SHA256
a0fd9667b1ad0cbe7c388e4e6821e7632cf13b2cd5321a8e6ee37549568af635

SHA512
be22c14d14debd67689aba1e3df0e33fc5c181a986d6de8fdba7374411968c8a20f9b762c25245f193c736bcd3a7b9ee3fd5efef524da9532ac45c4249fed4e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs.js

Filesize
7KB

MD5
7e9ec4a23e063e637dc8008fcfda2d47

SHA1
a8cb22cbe890f9d22c8145cb892cc421c96d7ba6

SHA256
0ddbd3ffe15cd0102d6ca3527a7ec1c1ff3fe1e4a38022e4fc1361b5ada2d66f

SHA512
9d6f2989876917cedc1c4b99e26768793bd9135ac527db89d5abbd47ba53bdc7bb2441512efdbd7ff39d0154d9267ba4786eca4456ee9081985608295e102ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4

Filesize
912B

MD5
f35de4a26123801c61dc0d3e300d47c6

SHA1
67b62cdccc8123bd508fea40798d8f2a3efe7bd6

SHA256
a7e16e3b2266e277252cbad6c42c0352605df968446e979d348a89782c4b8679

SHA512
2258bce1fda38279d9fc2a45cb669bc6ced290874cff17baa3bb4172d09223a54d2442aca8ca10cb8bd5874852f900cc85696db2ca0ebedc27daf10cb186e079

Download Submit
C:\Users\Admin\Downloads\42 (2)\lib 2.zip

Filesize
34KB

MD5
0a76bd3e26768bba68aca3d210997069

SHA1
753690994a18cf58ed0fe3749d16448b763047b8

SHA256
9056b87f079861d1b0f041317d6415927d9ffb6498ce2530ff90fda69fa64e78

SHA512
14408ea7f44bc365a58d7480fff9ea3b10fa21bfbd3363c6e30b74a4d4121677e20ce1108cce12c203f0760768aee1c1aa69b130e090c409f9a516ea02d70c49

Download Submit
C:\Users\Admin\Downloads\42.zip

Filesize
41KB

MD5
1df9a18b18332f153918030b7b516615

SHA1
6c42c62696616b72bbfc88a4be4ead57aa7bc503

SHA256
bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

SHA512
6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

Download Submit
C:\Users\Admin\Downloads\DiscordRAT.py

Filesize
24KB

MD5
59533badecffaa8c4418eebee6e10505

SHA1
dedc9a8e045377286c840e1517606a8a0b544abb

SHA256
e24b5bd1642a14362dadab73fe0e1b3cb896aa754d0eb1d7605bcc5e832c31fc

SHA512
8387b2678ea51156088d6f07f42ccf52c137afb9b4ca4b23c1923af5f4f08a0c740107bdc34ef99362edd11091e7c025c0329907f25671fafbd749be88e547d2

Download Submit