discordrat | hxxps://www[.]mediafire[.]com/file/ok9xp2g17vbucqx/Panda_Exploit[.]rar/file

Analysis

max time kernel
134s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/ok9xp2g17vbucqx/Panda_Exploit.rar/file

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIzOTE4NzgzMTUxNjE3MjM4OA.GYLFDQ.huQJASMCLjqluR9WrTcqri5t-vNOB6HHEry5Kw
server_id
1237879900740915321

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 1 IoCs

pid	Process
6192	Panda.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
383	discord.com
415	discord.com
426	discord.com
467	discord.com
472	discord.com
378	discord.com
379	discord.com
412	discord.com
425	discord.com
448	discord.com
449	discord.com
468	discord.com

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{C96298F7-A140-4EFE-8EF3-278AD73A4ADB}	svchost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
3028	msedge.exe
3028	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
3584	msedge.exe
3584	msedge.exe
6192	Panda.exe
6192	Panda.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe
5984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	6220	7zG.exe
Token: 35	6220	7zG.exe
Token: SeSecurityPrivilege	6220	7zG.exe
Token: SeSecurityPrivilege	6220	7zG.exe
Token: SeDebugPrivilege	6192	Panda.exe
Token: SeShutdownPrivilege	6192	Panda.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
6220	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe
3028	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6044	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 3984	3028	msedge.exe	83
PID 3028 wrote to memory of 3984	3028	msedge.exe	83
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 4536	3028	msedge.exe	84
PID 3028 wrote to memory of 1416	3028	msedge.exe	85
PID 3028 wrote to memory of 1416	3028	msedge.exe	85
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86
PID 3028 wrote to memory of 3588	3028	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/ok9xp2g17vbucqx/Panda_Exploit.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9747f46f8,0x7ff9747f4708,0x7ff9747f4718
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9832 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10296 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1759973728712398091,3116708681097260891,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6324

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap19839:88:7zEvent11006
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6220

C:\Users\Admin\Downloads\Panda_Exploit\Panda Exploit\Bin\Panda.exe
"C:\Users\Admin\Downloads\Panda_Exploit\Panda Exploit\Bin\Panda.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6192

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:4716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
62KB

MD5
e2f5339567cadf1f367ae23c6ba2fe2e

SHA1
7b44030002c1b97bd95912ff696ec34d2335017c

SHA256
cb3c31fd9cb4a76d2a6b2d5c8177d121ad4c0bd1e3c0434d5eaacefa141c3ec2

SHA512
f6310fc1f14dc9067875cc67ddc57bb34a59b4772def6b355f0e23d951489361e4e732904ed7fbdded0a2dd0414e4fbdc74ad4c3287946113b956fd7246817b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
31KB

MD5
f46e467f0ce4cfe941d7ab027d90a82c

SHA1
320c6562c1d7d1ce7d157db36ff8a3344cfda052

SHA256
c99ccba9fb436fc1d57950c7fdea18ccabf5bcc81c37079ecb789e197f6b183d

SHA512
903de351ba6a5574acf883bb7e4dd6e1a5a9ca6aa0f4607b36fe78205ba0be5e25de112b6ba4901d8f301482fabc766469f418d80b7e072e5a7a2c9aafa38509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2c51d1005dc9ebe8_0

Filesize
21KB

MD5
ba6f476e25b30992ffaaf2aa2fd5cd23

SHA1
a6ad170951209fb154f72a1c9d7b51f4c1fcf56c

SHA256
19f67493c40f1b3a91cc7c016acfaa788c91d6fb6bdc50efdcdb8fb95cb752da

SHA512
09c620767b5435e1de4bb707a74de57663ba8c33d2d4c23b7859427bf849f9dcbaa129db8fba94e0e275daaef38431a596891883d6a4d9b032c534cece6e6128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ca2a2a73ef1c6ad_0

Filesize
54KB

MD5
a22a84b6fcc9190ad44b122337a60b59

SHA1
905ac3fa73501ddc15af4130e9a1072e53559522

SHA256
ddc43e2aca2c7a4c5ffb77306bc1b1e3df026da9c44a5b74310bf6c3a2511864

SHA512
af130c5919af6c1dd69deb59848b5ae1daf7f848fff3aef7d67a9e8145ff9a426d7286a84a9960a7e381be85b7c5ba04338ef8eac94cad3563942fd8880c6395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7ca52fa1a6174ae6_0

Filesize
157KB

MD5
499fe804d9f6d6dea105f56b05c0e220

SHA1
08dabc60cf3209548571a09fe9a92d9e081bd50a

SHA256
13c60ac923a217f0e7b2601833ef710ce843a8c26d6d81f03c57929d4a12077c

SHA512
8260c8cac9ec09c9d47e564c0f0d8cc864ba631bd26d12bc2db07f716e883f29fec0a14b5c28d62515d647571d1dda8e40c333341f4e0e41c1302441792204c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8380fc32d64fc7ba_0

Filesize
337KB

MD5
73ae69a1cf69590ec17a3bd63c236c8c

SHA1
6c04d56212573752d92e0f7ceb9ea80bb8983aeb

SHA256
238b52058af7645877fdea9422f88c1d0c84ca901416e464e8e90361a2925d32

SHA512
b431276f902166e1558b8160843ebd5281123f96a7913244a904e0071a2f2c16b35e39c211ac6ca29fe148622b678c02de36297cdeefaa46cd7039c41b5797f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9d34f70d030a5cb8_0

Filesize
278B

MD5
cfa92823b989c117f3c9bce59d802b14

SHA1
d353312f7ef96c228a0edd857ed84b488b39d8cc

SHA256
20e78fca243340392aec5b1182662dee856186708f17ce5cf0266cf9fedfc16f

SHA512
70fb152292aa8965831cceb4a38fc3aed32c79a6032a8a72bd54d2796ffc30995ef363d5354e61358fc88015be68d40f5981ffa86a132fdf2d2d05280fe57dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba458c69817d1674_0

Filesize
268B

MD5
8ae2ac23b05a1ddaef3ab885c3445ecb

SHA1
ac7f9c98d0c461719a2c616d4b455b6a3fb32f2f

SHA256
2e0e68c77e56df6de50ef8d7c76a9b4a92d4f3627b97fba5d9ae056fbbc728cd

SHA512
4e0b92a364e72d709339996b62257c61bf8b72f295fcf40123bc16bffa968c4c5ba867c2c151b85bc42b1e7223bfeef7b7a6c9cc2652f61902544216fd4e2a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dab48bb59b4ad100_0

Filesize
14KB

MD5
6bf115e685b0476c4969268e877c006f

SHA1
2f65fe211147665624b3c7b2aca190066e0fad0a

SHA256
809cef132af1c1b44d70fe3c10082ec3bd9f4e1807039d780fda8c0e78c2e8c3

SHA512
5fb023b38cd973a6d7b61e97e50c7052763b7d276e8dc4d3c40a7d358ebc36d038372742802612826f93a1d4d3001824ce4dae296523f8d80125c61b86bde4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
8eb864d1d084a3265f541ba8df87870a

SHA1
276bcfa9997a54faaa36de5e5243c3ae22411eb7

SHA256
5fa11c76ee62e245ac7d09041ef12dce861859433311443a60a95465512d6c68

SHA512
887f9f8ebd8f43319c835354eda246cfb5b4c14b61447d274a902cfe7fc062e7b6924cd2f315fd168babbbf3c3d8b391002e973f46285485529204360cff9923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
39d0a75e85174f03743f4628e987b8c4

SHA1
7b703a1997a0f2995cc7c40ff066c36ce2e3121a

SHA256
44f3bdd20dba42621af47436ab9ed0522e5bcc04cd73784eed465bfae0959bcd

SHA512
63d83fa532f64a8aec9b5e1525173dcddc9b6518e5bce886c7956f3b7ef252eac80de1ee38599406909ee282d3375d225099d997f5eb232f6c72915ed5747223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3f5c44e803d5ba4f3046ec3ca1fddfbc

SHA1
8144d137161add747add33187a643cab9ccb2619

SHA256
b066a9cfbed179ea16e0dcb9324a48ff43c29e183f325b017615d401558e60c2

SHA512
099f5d13c0c6b1c5b5b6205d40b961e00737c7bd375eef5f2c07d87326903e2836e17542e7a3d9e985adf6b1a8abd04b2cd57dba3a6b0bb212fb216f15bea743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
955749c585e1811dd2afe0dfaebca9d7

SHA1
ad5383894c64dc7c607416cac4998c5da5f52b36

SHA256
ddf80c8a73d9630c8dabfbeb7f5696233a376ddea17303e71f8a56ac9295cd1d

SHA512
906adeba7fa51f990528374dfbf9a4f08d66165b7358cab97ae96381bb57d435a148a0c1fa94e1e34f84f99b6196da970200322ac5161575aa0ff3255c016df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
784ed34951641d56f4f28df8a2fb57e7

SHA1
4dbb6966802440cb687a5ba6cda91da0b628950b

SHA256
64a080f242fcebd83a3100d430ebfe8151894e6e76c86eedaa37bd15649e44bf

SHA512
36e04c1450310e1b66469869ff47a198979e35a0194eb272a59869ea66413a42ffd5a076f52276fb0efd47f488e8cc9e57d9a457361b4e719e734213476fde42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d4cfdc59bd39b0890ca8d8cf0fc881e

SHA1
83f704361fbb075e18d342b94ed3d6502473d9c4

SHA256
df0e815cedf4b4920af2eb6f884a9ec18bac45ce14a794bb39ab67ab35aea39d

SHA512
34af68d56386deb9bd3604cb28637a9862fe652fc535a6fd537215190f2ee875cb50e0a7ab1135319dddbdfdb01977d7a7e8420e8bd6ff592c6cc46a62eee189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
649ea583bbb783da325ad215938a0741

SHA1
85f1f66e618a8b92f9df38c430538f061e2f880d

SHA256
95af9e1b3c21e81e0ba8107eb9ef2e379db0d4491589b2ef3978f9d4379a9282

SHA512
86c0fb7a8d1465e59850c3e47247c42480b444f917fb10acc78f7d3a3c937330ef039ef0db064f11e6b6612a946d495ca117828779994a0574010409edad899d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cc4fb1b50d78257931304e6e7f5378bb

SHA1
12e999cfd9688af9faf4cb883e2143c15961ebeb

SHA256
7aeaf022607275596a2da9749fccec00622622e38fa6fa1455413e04c87bc79b

SHA512
39310d92b5785c0115c942a40c0f0236886341002fc004b47a8ab0cd5901f8b03352d390e5917dca4f3b3c37a2db0ec4bc64b866f2e82c35611043e5b7e82ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
32c5c42b2895f6756dd22250359159af

SHA1
5091c4714ccb21c718d34e2be05b74099654d8a7

SHA256
21039514fb1845cab413cc7544ab3d90652ba36951657082a3a8e13d1f981858

SHA512
4cdff38b89b066ee1f0253e956570195cc5bf74e453814cd863ada053da5c5e21f17a81283758437bfa5b4d597cc2a07d515fe395c530bb76a0bebe1d38c2286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
274004447e5ebbe5051f9372e43b9e35

SHA1
9640c5cb3e8c1a0ab13f366151ae3db31e6a82fe

SHA256
fa82b12a746d9e33f8cfe9f91c69a4e184cc0c6efe45ac52a074ed921b90d17e

SHA512
ea1a33c105750a614c63ee1badbe4a93a7d8e0c2792d0d64ac846a285ff96aceecf5d9c90a68f7125eaf44b7b43aeade2e065fdc5a1bc41432107ab0b1e07a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cbb0df6bdf863631987bc568e411020a

SHA1
eba84b2586b9e314ca3a233303e101a18bff1b35

SHA256
021f9809916f643fc5b896b544e03b5fa53c24edd8800c32a37be3f9d1aa23be

SHA512
3b8ea2c68bb84af7fab78bd29a7f4e64d815253c2ab8efe0b04ca56596c7010262f84d96f2b6896c848e6bf2841c3e3c969fb942dd89b98411dd4a44782ac283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5792ab.TMP

Filesize
1KB

MD5
739c2495fc745d5324342f65253beff0

SHA1
2bffb849e97029c34365b891411726d048ec7018

SHA256
4552ad4e7e5e31b4011a1eb6660531f54203eb9e70076e8bf30f42c10c65feef

SHA512
5923dda4048879b6c7869d71e17850d558c718e0760e2f5387f48c8003b84266305ec5c3ce83cba59f52276de32b1a68812ae33779b282f8b425aa8e3efbaabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
686a806dd8addc587cfe8046d4fe483c

SHA1
52bd4a8b67e3168ded13e4c72708235251f3c052

SHA256
1aa7e8cafff6c24ccbf33fef84415bfc693b483e6cf0d7bd85988c75c6161988

SHA512
43299efa0e2b49d823c914564eafeac87de8cecaa4ef6d5b4553fd8a6b9e75b9fb04ed5c522556429213a1342a1a236db31395c498ca930358a5084b9918adc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d5e35e9393b5ecabcc6c42db6f8446c

SHA1
1dee930add750735736064b2a320cf2daf9bc42b

SHA256
9a8b70d12e2d1fba785697a25bd12d331d78befc78ac94e1574cc69d5f740f84

SHA512
174d5bbad9adf058942364b103bbba2ae3dcbdb21cdb68433ccb674f8308b68d7897f548f3f3d583dbd658af5e6f7a909d159eec722185e47228658c55bc98fb

Download Submit
C:\Users\Admin\Downloads\Panda_Exploit.rar

Filesize
7.6MB

MD5
ec6a80e0b2c60e53dde934dbd8abdf2a

SHA1
9a27f15bf954e448722952b0d41eafeaf4cc4bce

SHA256
21bc8d165a2a6c7c933eaa8cbb4b6c61d6ea1a08467e0ef2f75392f31ec2ac65

SHA512
031903ad0e5a986b0efaffcb9cf5e1613ee909807a98dc6b168915ff6431db80981bf90c7fa5c71fbb4a5674ab85263f6047a062c21e45d91f3f0e2ecc58a867

Download Submit
C:\Users\Admin\Downloads\Panda_Exploit\Panda Exploit\Bin\Panda.exe

Filesize
78KB

MD5
2203f35650f3c3356116c0bc4012699e

SHA1
ca37979cca3e4d0043af8abddb3c40d69da1f400

SHA256
05e1e92373e97d5a5777af35955eaeb08db1d9313db75a83b5f9d87de83a5b7d

SHA512
fffe795f4c36806ee8c7138e756ec7a895c88fa41589f44f3bffbe01a3d413785fd9d173079ff80f3cdd94ea7ae7a993e2565f66252dc1a7ba708778e446cf13

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/6192-340-0x000001DCB6780000-0x000001DCB6828000-memory.dmp

Filesize
672KB

Download
memory/6192-334-0x000001DCB6F50000-0x000001DCB7478000-memory.dmp

Filesize
5.2MB

Download
memory/6192-333-0x000001DCB6850000-0x000001DCB6A12000-memory.dmp

Filesize
1.8MB

Download
memory/6192-332-0x000001DC9C030000-0x000001DC9C048000-memory.dmp

Filesize
96KB

Download