Analysis

  • max time kernel
    146s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22/05/2024, 00:46 UTC

General

  • Target

    discordapp.exe

  • Size

    164.7MB

  • MD5

    f2d0574cabbc53fa49a48ea393bc0e08

  • SHA1

    559efe7cae86f5eeb78e6e49875d25a5caeedb3c

  • SHA256

    f660ed4f629400fcea51c34686858c1268a4aad6dbc6c75485116bdf3ff734da

  • SHA512

    8d1315d3bb1fb6faa54c292bd4b79d6835d73ed10c82330ba5f98a13b6f2ae9d33c5058bb30768f1cb187371ba76d989a8eac371463d79427bdbee63a4a15134

  • SSDEEP

    1572864:htRb5j0Jo3k4uaSwrkaxMnHo/qVfZanrCfYbmLlEkwPT15+ztDTeNokbaGMZAHmM:hTlBaHTf7x+Un

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry (2 TTPs, 7 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Detects videocard installed (1 TTPs, 1 IoCs)

    Uses WMIC.exe to determine videocard installed.

  • Enumerates processes with tasklist (1 TTPs, 64 IoCs)
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\discordapp.exe
    "C:\Users\Admin\AppData\Local\Temp\discordapp.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4732
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4988
    • C:\Users\Admin\AppData\Local\Temp\discordapp.exe
      "C:\Users\Admin\AppData\Local\Temp\discordapp.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\fay" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1724 --field-trial-handle=1728,i,6413009300765206949,17867974471073257244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      2⤵
        PID:428
      • C:\Users\Admin\AppData\Local\Temp\discordapp.exe
        "C:\Users\Admin\AppData\Local\Temp\discordapp.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\fay" --mojo-platform-channel-handle=1900 --field-trial-handle=1728,i,6413009300765206949,17867974471073257244,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        2⤵
          PID:4328
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /d /s /c "wmic process where processid=4732 get ExecutablePath"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:5020
          • C:\Windows\System32\Wbem\WMIC.exe
            wmic process where processid=4732 get ExecutablePath
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:3472
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
          2⤵
            PID:5072
            • C:\Windows\system32\tasklist.exe
              tasklist
              3⤵
              • Enumerates processes with tasklist
              • Suspicious use of AdjustPrivilegeToken
              PID:7524
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
            2⤵
              PID:4036
              • C:\Windows\system32\tasklist.exe
                tasklist
                3⤵
                • Enumerates processes with tasklist
                • Suspicious use of AdjustPrivilegeToken
                PID:7772
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
              2⤵
                PID:2860
                • C:\Windows\system32\tasklist.exe
                  tasklist
                  3⤵
                  • Enumerates processes with tasklist
                  PID:7532
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                2⤵
                  PID:3988
                  • C:\Windows\system32\tasklist.exe
                    tasklist
                    3⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:7644
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                  2⤵
                    PID:4312
                    • C:\Windows\system32\tasklist.exe
                      tasklist
                      3⤵
                      • Enumerates processes with tasklist
                      PID:7732
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                    2⤵
                      PID:4588
                      • C:\Windows\system32\tasklist.exe
                        tasklist
                        3⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:7628
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                      2⤵
                        PID:2744
                        • C:\Windows\system32\tasklist.exe
                          tasklist
                          3⤵
                          • Enumerates processes with tasklist
                          PID:8000
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                        2⤵
                          PID:860
                          • C:\Windows\system32\tasklist.exe
                            tasklist
                            3⤵
                            • Enumerates processes with tasklist
                            • Suspicious use of AdjustPrivilegeToken
                            PID:7652
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                          2⤵
                            PID:1076
                            • C:\Windows\system32\tasklist.exe
                              tasklist
                              3⤵
                              • Enumerates processes with tasklist
                              • Suspicious use of AdjustPrivilegeToken
                              PID:7396
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                            2⤵
                              PID:4052
                              • C:\Windows\system32\tasklist.exe
                                tasklist
                                3⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:7704
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                              2⤵
                                PID:1016
                                • C:\Windows\system32\tasklist.exe
                                  tasklist
                                  3⤵
                                  • Enumerates processes with tasklist
                                  PID:7820
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                2⤵
                                  PID:516
                                  • C:\Windows\system32\tasklist.exe
                                    tasklist
                                    3⤵
                                    • Enumerates processes with tasklist
                                    PID:8016
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                  2⤵
                                    PID:836
                                    • C:\Windows\system32\tasklist.exe
                                      tasklist
                                      3⤵
                                      • Enumerates processes with tasklist
                                      PID:8052
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                    2⤵
                                      PID:1548
                                      • C:\Windows\system32\tasklist.exe
                                        tasklist
                                        3⤵
                                        • Enumerates processes with tasklist
                                        PID:7948
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                      2⤵
                                        PID:1956
                                        • C:\Windows\system32\tasklist.exe
                                          tasklist
                                          3⤵
                                            PID:7876
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                          2⤵
                                            PID:2176
                                            • C:\Windows\system32\tasklist.exe
                                              tasklist
                                              3⤵
                                              • Enumerates processes with tasklist
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:7388
                                          • C:\Windows\system32\cmd.exe
                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                            2⤵
                                              PID:4684
                                              • C:\Windows\system32\tasklist.exe
                                                tasklist
                                                3⤵
                                                • Enumerates processes with tasklist
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:7516
                                            • C:\Windows\system32\cmd.exe
                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                              2⤵
                                                PID:916
                                                • C:\Windows\system32\tasklist.exe
                                                  tasklist
                                                  3⤵
                                                  • Enumerates processes with tasklist
                                                  PID:7836
                                              • C:\Windows\system32\cmd.exe
                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                2⤵
                                                  PID:4980
                                                  • C:\Windows\system32\tasklist.exe
                                                    tasklist
                                                    3⤵
                                                      PID:8352
                                                  • C:\Windows\system32\cmd.exe
                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                    2⤵
                                                      PID:4620
                                                      • C:\Windows\system32\tasklist.exe
                                                        tasklist
                                                        3⤵
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:7636
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                      2⤵
                                                        PID:3484
                                                        • C:\Windows\system32\tasklist.exe
                                                          tasklist
                                                          3⤵
                                                          • Enumerates processes with tasklist
                                                          PID:8264
                                                      • C:\Windows\system32\cmd.exe
                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                        2⤵
                                                          PID:4064
                                                          • C:\Windows\system32\tasklist.exe
                                                            tasklist
                                                            3⤵
                                                            • Enumerates processes with tasklist
                                                            PID:7748
                                                        • C:\Windows\system32\cmd.exe
                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                          2⤵
                                                            PID:1068
                                                            • C:\Windows\system32\tasklist.exe
                                                              tasklist
                                                              3⤵
                                                              • Enumerates processes with tasklist
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:7680
                                                          • C:\Windows\system32\cmd.exe
                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                            2⤵
                                                              PID:628
                                                              • C:\Windows\system32\tasklist.exe
                                                                tasklist
                                                                3⤵
                                                                  PID:8576
                                                              • C:\Windows\system32\cmd.exe
                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                2⤵
                                                                  PID:3292
                                                                  • C:\Windows\system32\tasklist.exe
                                                                    tasklist
                                                                    3⤵
                                                                      PID:8360
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                    2⤵
                                                                      PID:3656
                                                                      • C:\Windows\system32\tasklist.exe
                                                                        tasklist
                                                                        3⤵
                                                                        • Enumerates processes with tasklist
                                                                        PID:8068
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                      2⤵
                                                                        PID:2852
                                                                        • C:\Windows\system32\tasklist.exe
                                                                          tasklist
                                                                          3⤵
                                                                          • Enumerates processes with tasklist
                                                                          PID:8128
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                        2⤵
                                                                          PID:4160
                                                                          • C:\Windows\system32\tasklist.exe
                                                                            tasklist
                                                                            3⤵
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:7764
                                                                        • C:\Windows\system32\cmd.exe
                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                          2⤵
                                                                            PID:1900
                                                                            • C:\Windows\system32\tasklist.exe
                                                                              tasklist
                                                                              3⤵
                                                                                PID:8560
                                                                            • C:\Windows\system32\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                              2⤵
                                                                                PID:4932
                                                                                • C:\Windows\system32\tasklist.exe
                                                                                  tasklist
                                                                                  3⤵
                                                                                  • Enumerates processes with tasklist
                                                                                  PID:7612
                                                                              • C:\Windows\system32\cmd.exe
                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                2⤵
                                                                                  PID:1680
                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                    tasklist
                                                                                    3⤵
                                                                                      PID:8136
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                    2⤵
                                                                                      PID:3712
                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                        tasklist
                                                                                        3⤵
                                                                                        • Enumerates processes with tasklist
                                                                                        PID:8104
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                      2⤵
                                                                                        PID:1652
                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                          tasklist
                                                                                          3⤵
                                                                                          • Enumerates processes with tasklist
                                                                                          PID:8184
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                        2⤵
                                                                                          PID:2236
                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                            tasklist
                                                                                            3⤵
                                                                                            • Enumerates processes with tasklist
                                                                                            PID:7804
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                          2⤵
                                                                                            PID:2620
                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                              tasklist
                                                                                              3⤵
                                                                                              • Enumerates processes with tasklist
                                                                                              PID:7940
                                                                                          • C:\Windows\system32\cmd.exe
                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                            2⤵
                                                                                              PID:1484
                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                tasklist
                                                                                                3⤵
                                                                                                • Enumerates processes with tasklist
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:7604
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                              2⤵
                                                                                                PID:4928
                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                  tasklist
                                                                                                  3⤵
                                                                                                    PID:7588
                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                  2⤵
                                                                                                    PID:3940
                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                      tasklist
                                                                                                      3⤵
                                                                                                      • Enumerates processes with tasklist
                                                                                                      PID:8096
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                    2⤵
                                                                                                      PID:4112
                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                        tasklist
                                                                                                        3⤵
                                                                                                        • Enumerates processes with tasklist
                                                                                                        PID:8112
                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                      2⤵
                                                                                                        PID:2028
                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                          tasklist
                                                                                                          3⤵
                                                                                                          • Enumerates processes with tasklist
                                                                                                          PID:8512
                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                        2⤵
                                                                                                          PID:832
                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                            tasklist
                                                                                                            3⤵
                                                                                                            • Enumerates processes with tasklist
                                                                                                            PID:7984
                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                          2⤵
                                                                                                            PID:3936
                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                              tasklist
                                                                                                              3⤵
                                                                                                                PID:8672
                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                              2⤵
                                                                                                                PID:1432
                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                  tasklist
                                                                                                                  3⤵
                                                                                                                  • Enumerates processes with tasklist
                                                                                                                  PID:8428
                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                2⤵
                                                                                                                  PID:1872
                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                    tasklist
                                                                                                                    3⤵
                                                                                                                    • Enumerates processes with tasklist
                                                                                                                    PID:8060
                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                  2⤵
                                                                                                                    PID:4760
                                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                                      tasklist
                                                                                                                      3⤵
                                                                                                                        PID:7812
                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                      2⤵
                                                                                                                        PID:1860
                                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                                          tasklist
                                                                                                                          3⤵
                                                                                                                          • Enumerates processes with tasklist
                                                                                                                          PID:8312
                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                        2⤵
                                                                                                                          PID:4536
                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                            tasklist
                                                                                                                            3⤵
                                                                                                                            • Enumerates processes with tasklist
                                                                                                                            PID:7892
                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                          2⤵
                                                                                                                            PID:1760
                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                              tasklist
                                                                                                                              3⤵
                                                                                                                                PID:8076
                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                              2⤵
                                                                                                                                PID:3500
                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                  tasklist
                                                                                                                                  3⤵
                                                                                                                                    PID:8008
                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                  2⤵
                                                                                                                                    PID:3728
                                                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                                                      tasklist
                                                                                                                                      3⤵
                                                                                                                                      • Enumerates processes with tasklist
                                                                                                                                      PID:7740
                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                    2⤵
                                                                                                                                      PID:3224
                                                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                                                        tasklist
                                                                                                                                        3⤵
                                                                                                                                          PID:8368
                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                        2⤵
                                                                                                                                          PID:2944
                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                            tasklist
                                                                                                                                            3⤵
                                                                                                                                            • Enumerates processes with tasklist
                                                                                                                                            PID:8340
                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                          2⤵
                                                                                                                                            PID:4480
                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                              tasklist
                                                                                                                                              3⤵
                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                              PID:7664
                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                            2⤵
                                                                                                                                              PID:3552
                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                tasklist
                                                                                                                                                3⤵
                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                PID:8504
                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                              2⤵
                                                                                                                                                PID:3724
                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                  tasklist
                                                                                                                                                  3⤵
                                                                                                                                                  • Enumerates processes with tasklist
                                                                                                                                                  PID:8304
                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                2⤵
                                                                                                                                                  PID:2564
                                                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                                                    tasklist
                                                                                                                                                    3⤵
                                                                                                                                                      PID:8420
                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                    2⤵
                                                                                                                                                      PID:4452
                                                                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                                                                        tasklist
                                                                                                                                                        3⤵
                                                                                                                                                        • Enumerates processes with tasklist
                                                                                                                                                        PID:7716
                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                      2⤵
                                                                                                                                                        PID:2928
                                                                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                                                                          tasklist
                                                                                                                                                          3⤵
                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                          PID:7176
                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                        2⤵
                                                                                                                                                          PID:4068
                                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                                            tasklist
                                                                                                                                                            3⤵
                                                                                                                                                            • Enumerates processes with tasklist
                                                                                                                                                            PID:8584
                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                          2⤵
                                                                                                                                                            PID:4428
                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                              tasklist
                                                                                                                                                              3⤵
                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                              PID:8496
                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                            2⤵
                                                                                                                                                              PID:212
                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                tasklist
                                                                                                                                                                3⤵
                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                PID:8272
                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4496
                                                                                                                                                                • C:\Windows\system32\tasklist.exe
                                                                                                                                                                  tasklist
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:8256
                                                                                                                                                                • C:\Windows\system32\cmd.exe
                                                                                                                                                                  C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:4608
                                                                                                                                                                    • C:\Windows\system32\tasklist.exe
                                                                                                                                                                      tasklist
                                                                                                                                                                      3⤵
                                                                                                                                                                      • Enumerates processes with tasklist
                                                                                                                                                                      PID:8328
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:1800
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7924
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:4888
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:7688
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:4792
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7884
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:5044
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:8688
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:3748
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7788
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2720
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:8320
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2844
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7724
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2600
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7596
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:468
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:8680
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:748
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7900
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2084
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8288
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2032
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:7956
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:1368
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:7696
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:4748
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8248
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:4672
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8660
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2280
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8400
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:2184
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:8384
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:5124
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8568
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:5144
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        PID:8592
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:5176
      • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                        tasklist
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                        • Enumerates processes with tasklist
                                                                                                                                                                                                                        PID:8280
                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                        PID:5184
                                                                                                                                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                          tasklist
                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                          • Enumerates processes with tasklist
                                                                                                                                                                                                                          PID:8444
                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:5200
                                                                                                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                            tasklist
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                            • Enumerates processes with tasklist
                                                                                                                                                                                                                            PID:8296
                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                            PID:5216
                                                                                                                                                                                                                            • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                              tasklist
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                              • Enumerates processes with tasklist
                                                                                                                                                                                                                              PID:8412
                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:5244
                                                                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                tasklist
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:7672
                                                                                                                                                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                  PID:5256
                                                                                                                                                                                                                                  • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                    tasklist
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                      PID:8120
                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                      PID:5280
                                                                                                                                                                                                                                      • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                        tasklist
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                        • Enumerates processes with tasklist
                                                                                                                                                                                                                                        PID:7828
                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                        PID:5300
                                                                                                                                                                                                                                        • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                          tasklist
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                          • Enumerates processes with tasklist
                                                                                                                                                                                                                                          PID:8376
                                                                                                                                                                                                                                      • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                        C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                          PID:5316
                                                                                                                                                                                                                                          • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                            tasklist
                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                              PID:7932
                                                                                                                                                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                            C:\Windows\system32\cmd.exe /d /s /c "tasklist"
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:5340
                                                                                                                                                                                                                                              • C:\Windows\system32\tasklist.exe
                                                                                                                                                                                                                                                tasklist
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                • Enumerates processes with tasklist
                                                                                                                                                                                                                                                PID:8488
                                                                                                                                                                                                                                            • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                              C:\Windows\system32\cmd.exe /d /s /c "net session"
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:5356
                                                                                                                                                                                                                                                • C:\Windows\system32\net.exe
                                                                                                                                                                                                                                                  net session
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                    PID:8436
                                                                                                                                                                                                                                                    • C:\Windows\system32\net1.exe
                                                                                                                                                                                                                                                      C:\Windows\system32\net1 session
                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                        PID:9564
                                                                                                                                                                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                    C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\bind\main.exe"
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                      PID:5376
                                                                                                                                                                                                                                                    • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                      C:\Windows\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                        PID:5408
                                                                                                                                                                                                                                                        • C:\Windows\System32\Wbem\WMIC.exe
                                                                                                                                                                                                                                                          wmic csproduct get uuid
                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                            PID:8084
                                                                                                                                                                                                                                                        • C:\Windows\system32\cmd.exe
                                                                                                                                                                                                                                                          C:\Windows\system32\cmd.exe /d /s /c "wmic OS get caption, osarchitecture | more +1"
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                            PID:5424
                                                                                                                                                                                                                                                            • C:\Windows\System32\Wbem\WMIC.exe
        wmic OS get caption, osarchitecture
        3⤵
        PID:8392
      • C:\Windows\system32\more.com
        more +1
        3⤵
        PID:8608
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic cpu get name | more +1"
      2⤵
      PID:11132
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic cpu get name
        3⤵
        PID:11172
      • C:\Windows\system32\more.com
        more +1
        3⤵
        PID:11180
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "wmic PATH Win32_VideoController get name | more +1"
      2⤵
      PID:11228
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic PATH Win32_VideoController get name
        3⤵
        • Detects videocard installed
        PID:7136
      • C:\Windows\system32\more.com
        more +1
        3⤵
        PID:5356
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
      2⤵
      PID:3276
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:10984
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName"
      2⤵
      PID:5428
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion' -Name ProductName
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:11144
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /d /s /c "tasklist"
      2⤵
      PID:10892
      • C:\Windows\system32\tasklist.exe
        tasklist
        3⤵
        PID:9632

Network

                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                237.197.79.204.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                194.61.62.23.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                194.61.62.23.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                194.61.62.23.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                a23-62-61-194deploystaticakamaitechnologiescom
                                                                                                                                                                                                                                                                              • flag-nl
                                                                                                                                                                                                                                                                                GET
                                                                                                                                                                                                                                                                                https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                23.62.61.194:443
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
                                                                                                                                                                                                                                                                                host: www.bing.com
                                                                                                                                                                                                                                                                                accept: */*
                                                                                                                                                                                                                                                                                cookie: MUID=31C7C1021D776FBE3724D5851C506E97; _EDGE_S=SID=2405BE44247067413E2AAAC325D366B1; MSPTC=T93iNFZigUqGMey3Bl1ECGbIK57vMoFruPIo6DNnNsU; MUIDB=31C7C1021D776FBE3724D5851C506E97
                                                                                                                                                                                                                                                                                accept-encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                HTTP/2.0 200
                                                                                                                                                                                                                                                                                cache-control: public, max-age=2592000
                                                                                                                                                                                                                                                                                content-type: image/png
                                                                                                                                                                                                                                                                                access-control-allow-origin: *
                                                                                                                                                                                                                                                                                access-control-allow-headers: *
                                                                                                                                                                                                                                                                                access-control-allow-methods: GET, POST, OPTIONS
                                                                                                                                                                                                                                                                                timing-allow-origin: *
                                                                                                                                                                                                                                                                                report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
                                                                                                                                                                                                                                                                                nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
                                                                                                                                                                                                                                                                                content-length: 1107
                                                                                                                                                                                                                                                                                date: Wed, 22 May 2024 00:48:45 GMT
                                                                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=93600
                                                                                                                                                                                                                                                                                x-cdn-traceid: 0.be3d3e17.1716338925.fdd9284
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                www.google.com
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                www.google.com
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                www.google.com
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                142.250.187.196
                                                                                                                                                                                                                                                                              • flag-gb
                                                                                                                                                                                                                                                                                GET
                                                                                                                                                                                                                                                                                http://www.google.com/
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                142.250.187.196:80
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                GET / HTTP/1.1
                                                                                                                                                                                                                                                                                Accept: application/json, text/plain, */*
                                                                                                                                                                                                                                                                                User-Agent: axios/0.27.2
                                                                                                                                                                                                                                                                                Host: www.google.com
                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                Date: Wed, 22 May 2024 00:48:48 GMT
                                                                                                                                                                                                                                                                                Expires: -1
                                                                                                                                                                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                                                                                                                                                                Content-Type: text/html; charset=ISO-8859-1
                                                                                                                                                                                                                                                                                Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-NdLMwI9E7_z_GaSE055bpQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
                                                                                                                                                                                                                                                                                Server: gws
                                                                                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                Set-Cookie: AEC=AQTF6Hye4h1eQrfyrv76TuR4YfYJUkLvjdCeRNRDa7F-P3nusNJleTZVwjo; expires=Mon, 18-Nov-2024 00:48:48 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                                                                                                                                                                                                                                                                Accept-Ranges: none
                                                                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                196.187.250.142.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                196.187.250.142.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                196.187.250.142.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                lhr25s33-in-f41e100net
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                8.8.4.4
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                8.8.8.8
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                IN Unknown
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                4.4.8.8.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                4.4.8.8.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                4.4.8.8.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                ipinfo.io
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                ipinfo.io
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                ipinfo.io
                                                                                                                                                                                                                                                                                IN A
                                                                                                                                                                                                                                                                                34.117.186.192
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                192.186.117.34.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                192.186.117.34.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                192.186.117.34.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                19218611734bcgoogleusercontentcom
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                196.249.167.52.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                196.249.167.52.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                103.169.127.40.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                103.169.127.40.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                198.187.3.20.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                198.187.3.20.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                0.204.248.87.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                0.204.248.87.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                Response
                                                                                                                                                                                                                                                                                0.204.248.87.in-addr.arpa
                                                                                                                                                                                                                                                                                IN PTR
                                                                                                                                                                                                                                                                                https-87-248-204-0lhrllnwnet
                                                                                                                                                                                                                                                                              • flag-us
                                                                                                                                                                                                                                                                                DNS
                                                                                                                                                                                                                                                                                43.58.199.20.in-addr.arpa
                                                                                                                                                                                                                                                                                Remote address:
                                                                                                                                                                                                                                                                                8.8.8.8:53
                                                                                                                                                                                                                                                                                Request
                                                                                                                                                                                                                                                                                43.58.199.20.in-addr.arpa

                                                                                                                                                                                                                                                                                HTTP Request

                                                                                                                                                                                                                                                                                GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

                                                                                                                                                                                                                                                                                HTTP Response

                                                                                                                                                                                                                                                                                200
                                                                                                                                                                                                                                                                              • 204.79.197.237:443
                                                                                                                                                                                                                                                                                g.bing.com
                                                                                                                                                                                                                                                                                tls
                                                                                                                                                                                                                                                                                2.5kB
                                                                                                                                                                                                                                                                                9.0kB
                                                                                                                                                                                                                                                                                20
                                                                                                                                                                                                                                                                                16
                                                                                                                                                                                                                                                                              • 23.62.61.194:443
                                                                                                                                                                                                                                                                                www.bing.com
                                                                                                                                                                                                                                                                                tls
                                                                                                                                                                                                                                                                                1.4kB
                                                                                                                                                                                                                                                                                5.3kB
                                                                                                                                                                                                                                                                                16
                                                                                                                                                                                                                                                                                11
                                                                                                                                                                                                                                                                              • 142.250.187.196:80
                                                                                                                                                                                                                                                                                http://www.google.com/
                                                                                                                                                                                                                                                                                http
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                680 B
                                                                                                                                                                                                                                                                                22.0kB
                                                                                                                                                                                                                                                                                12
                                                                                                                                                                                                                                                                                19

                                                                                                                                                                                                                                                                                HTTP Request

                                                                                                                                                                                                                                                                                GET http://www.google.com/

                                                                                                                                                                                                                                                                                HTTP Response

                                                                                                                                                                                                                                                                                200
                                                                                                                                                                                                                                                                              • 8.8.4.4:443
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                tls
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                1.6kB
                                                                                                                                                                                                                                                                                7.0kB
                                                                                                                                                                                                                                                                                15
                                                                                                                                                                                                                                                                                14
                                                                                                                                                                                                                                                                              • 34.117.186.192:443
                                                                                                                                                                                                                                                                                ipinfo.io
                                                                                                                                                                                                                                                                                tls
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                841 B
                                                                                                                                                                                                                                                                                4.8kB
                                                                                                                                                                                                                                                                                8
                                                                                                                                                                                                                                                                                10
                                                                                                                                                                                                                                                                              • 204.79.197.200:443
                                                                                                                                                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                                                                                                                                                tls, http2
                                                                                                                                                                                                                                                                                1.2kB
                                                                                                                                                                                                                                                                                8.1kB
                                                                                                                                                                                                                                                                                16
                                                                                                                                                                                                                                                                                14
                                                                                                                                                                                                                                                                              • 204.79.197.200:443
                                                                                                                                                                                                                                                                                https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
                                                                                                                                                                                                                                                                                tls, http2
                                                                                                                                                                                                                                                                                25.9kB
                                                                                                                                                                                                                                                                                743.6kB
                                                                                                                                                                                                                                                                                546
                                                                                                                                                                                                                                                                                543

                                                                                                                                                                                                                                                                                HTTP Request

                                                                                                                                                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239371372355_1WLRVFTZ079W9XPFC&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

                                                                                                                                                                                                                                                                                HTTP Request

                                                                                                                                                                                                                                                                                GET https://tse1.mm.bing.net/th?id=OADD2.10239371372356_1N2G93XRLJ1Y5GWC9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

                                                                                                                                                                                                                                                                                HTTP Response

                                                                                                                                                                                                                                                                                200

                                                                                                                                                                                                                                                                                HTTP Response

                                                                                                                                                                                                                                                                                200
                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                8.8.8.8.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                66 B
                                                                                                                                                                                                                                                                                90 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                8.8.8.8.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                104.219.191.52.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                73 B
                                                                                                                                                                                                                                                                                147 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                104.219.191.52.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                g.bing.com
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                56 B
                                                                                                                                                                                                                                                                                151 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                g.bing.com

                                                                                                                                                                                                                                                                                DNS Response

                                                                                                                                                                                                                                                                                204.79.197.237
                                                                                                                                                                                                                                                                                13.107.21.237

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                www.google.com
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                60 B
                                                                                                                                                                                                                                                                                76 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                www.google.com

                                                                                                                                                                                                                                                                                DNS Response

                                                                                                                                                                                                                                                                                142.250.187.196

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                56 B
                                                                                                                                                                                                                                                                                88 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                dns.google

                                                                                                                                                                                                                                                                                DNS Response

                                                                                                                                                                                                                                                                                8.8.4.4
                                                                                                                                                                                                                                                                                8.8.8.8

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                dns.google
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                56 B
                                                                                                                                                                                                                                                                                132 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                dns.google

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                ipinfo.io
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                discordapp.exe
                                                                                                                                                                                                                                                                                55 B
                                                                                                                                                                                                                                                                                71 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                ipinfo.io

                                                                                                                                                                                                                                                                                DNS Response

                                                                                                                                                                                                                                                                                34.117.186.192

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                198.187.3.20.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                71 B
                                                                                                                                                                                                                                                                                157 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                198.187.3.20.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                0.204.248.87.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                71 B
                                                                                                                                                                                                                                                                                116 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                0.204.248.87.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                43.58.199.20.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                71 B
                                                                                                                                                                                                                                                                                157 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                43.58.199.20.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                13.227.111.52.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                72 B
                                                                                                                                                                                                                                                                                158 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                13.227.111.52.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                172.210.232.199.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                74 B
                                                                                                                                                                                                                                                                                128 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                172.210.232.199.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                tse1.mm.bing.net
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                62 B
                                                                                                                                                                                                                                                                                173 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                tse1.mm.bing.net

                                                                                                                                                                                                                                                                                DNS Response

                                                                                                                                                                                                                                                                                204.79.197.200
                                                                                                                                                                                                                                                                                13.107.21.200

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                200.197.79.204.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                73 B
                                                                                                                                                                                                                                                                                106 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                200.197.79.204.in-addr.arpa

                                                                                                                                                                                                                                                                              • 8.8.8.8:53
                                                                                                                                                                                                                                                                                170.117.168.52.in-addr.arpa
                                                                                                                                                                                                                                                                                dns
                                                                                                                                                                                                                                                                                73 B
                                                                                                                                                                                                                                                                                147 B
                                                                                                                                                                                                                                                                                1
                                                                                                                                                                                                                                                                                1

                                                                                                                                                                                                                                                                                DNS Request

                                                                                                                                                                                                                                                                                170.117.168.52.in-addr.arpa

                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v15


                                                                                                                                                                                                                                                                              Downloads

                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                2KB


                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                64B


                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\90ca23d5-261a-475b-8e6b-e640f8e5c53d.tmp.node

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                1.4MB


                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0c1ebdbo.kmo.ps1

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                60B


                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\ec872bff-e483-4e95-b76b-6ba8d41cabe3.tmp.node

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                151KB


                                                                                                                                                                                                                                                                              • memory/10984-26-0x000002A632560000-0x000002A632582000-memory.dmp

                                                                                                                                                                                                                                                                                Filesize

                                                                                                                                                                                                                                                                                136KB
