discordrat | 5cab24892fa5986610cc799a122b16d853aa6654a524322514ca0176b5028fd5

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
23-05-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

0e8e58e08f0b9c5a95f288a560b871f3
SHA1

fc937d77e49873323493b28654002093d7dd37bf
SHA256

5cab24892fa5986610cc799a122b16d853aa6654a524322514ca0176b5028fd5
SHA512

720a5e4cf68a124824ddfbc7e9926d8233a49ca7d405219fa8f4ee294a1f60ed043ab205fb865c68a0ac969920c3a3b4c269af6b7a3a6a678f0456453c30643f
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwMDgyMDAzNTUxODcyNjMwNg.GGP9O6.2b4TN5Py_ZoLGGTsEHDM6GPQo0YwssX0RJqa3U
server_id
1200821240789745706

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

ReksFN_Launcher.exe

pid process

3188 ReksFN_Launcher.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

1 discord.com
4 discord.com
6 discord.com
7 discord.com
8 discord.com
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

116 api.ipify.org
124 api.ipify.org
197 api.ipify.org
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3188	ReksFN_Launcher.exe

flow	ioc
1	discord.com
4	discord.com
6	discord.com
7	discord.com
8	discord.com

flow	ioc
116	api.ipify.org
124	api.ipify.org
197	api.ipify.org

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Control Panel 1 IoCs
evasion

Processes:

ReksFN_Launcher.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Control Panel\Colors ReksFN_Launcher.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000\Control Panel\Colors	ReksFN_Launcher.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609574360346873"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1696768468-2170909707-4198977321-1000\{48BC319F-4E7C-4805-969F-A77E71BCD709}	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\ReksFN_Launcher.exe:Zone.Identifier chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\ReksFN_Launcher.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exeReksFN_Launcher.exemsedge.exemsedge.exe

pid	process
4120	chrome.exe
4120	chrome.exe
3188	ReksFN_Launcher.exe
3188	ReksFN_Launcher.exe
3188	ReksFN_Launcher.exe
3188	ReksFN_Launcher.exe
104	msedge.exe
104	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	3104	Client-built.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: 33	388	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	388	AUDIODG.EXE
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe
Token: SeCreatePagefilePrivilege	4120	chrome.exe
Token: SeShutdownPrivilege	4120	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4120 wrote to memory of 508	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 508	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3156	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3880	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3880	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe
PID 4120 wrote to memory of 3176	4120	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbd7d2ab58,0x7ffbd7d2ab68,0x7ffbd7d2ab78
2⤵
PID:508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:2
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:4608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4976 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3400 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5068 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3288 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4652 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3368 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5332 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5480 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:3860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4264 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3456 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4320 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5792 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:1
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:3844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:1860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
- NTFS ADS
PID:1900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6472 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6556 --field-trial-handle=1760,i,397657950857196452,11703628391763804147,131072 /prefetch:8
2⤵
PID:968

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:388

C:\Users\Admin\Downloads\ReksFN_Launcher.exe
"C:\Users\Admin\Downloads\ReksFN_Launcher.exe"
1⤵
- Executes dropped EXE
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/411440/reksfn-key-generator
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbd6653cb8,0x7ffbd6653cc8,0x7ffbd6653cd8
3⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
3⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
3⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
3⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
3⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
3⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,11044176300393059318,14142118496725222339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
3⤵
PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3f97379e847921e79166d641e86cf3bc

SHA1
e64dca2cd4c01dde09dcbc4d1104d0e9e12ced68

SHA256
eeb923e39d550602fff92f61c07698d61ace0dd2651f2f82947f1bdd71c5d307

SHA512
d6ca474253a1406d0177ea90d3296df0156fb30589bb8d748fd57f544949bacdc87e64c53f73ebc31ac300fca7f64a4a3d3d1bc74a2b21feb651b0553f89a541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e6b11e51333a52f504d01003dfaf6e1a

SHA1
be31fac46ecf48da63e1c9715b2f6d9b94be04e6

SHA256
e9a3a70af10fd3ccecadab366684e40d515e0c0c20abdcd39ebe1678b7740f20

SHA512
85effed32627d7f64e2f401c2fdda706ace41e0eddd9f67e5ef94e8175e83f625d07cf1042602c27041caaa270583ba303bb6ee2844f6109fa0e8755f0f72143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_redaa.dwhitdoedsrag.org_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
8KB

MD5
456755af476869d57bcbba481dce4a70

SHA1
3fedb94ad91d5ffded8bba5e7f7db4a61ae086f5

SHA256
0edbfe907f829ab4bd326089b2bfca52b823e60bd555c8dc35068d224623d3bc

SHA512
6fa77d9f5ff51ce03844ea406b1e5d7a94b8a50853a25cd8525d4d5877f7168452e2a7e770ad7e82cbe6fbcf2a0e4bb659a9f8cf6ac8f7d770c0bbedaebd3c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
8c8f51565875c120a415254b9a5f8145

SHA1
6b6053854a539edbc54ec0c37463df9b2fb1feb3

SHA256
a71d4632fe47299c6605eaa43c399ee8722468e456dc1bcea695a90996a03975

SHA512
ff557499f98a10306bc1151a6f0fd36388f2e42269b2f9d9638634d8be91bffc15b3edb8dd4dae8a42b6448b6b05f3bd31d37461833f329b934ace91a8875842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d024fdbcfd08ccfe5794f7f23f54247b

SHA1
5723cb5c0a55c0e03ae69ba900e3a8b631e7f9cf

SHA256
ac9166783d0a1ded2dc7c635a14023d6c164ef4a021224f91d878515b18eebd6

SHA512
927c08663c0c3221f88e68624ddf20eaa58c35a5c9cbd20be9dd798d4691eb4db422bebe6d563729d2aa82a4ef808a16cd093b7a7bf24364c194a1dc21def420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
5d269c6a6ccdb21d4bfe42255d11d568

SHA1
01acfaef96f86a26bd69846b90c6f3a2b6f97754

SHA256
c1b6e337e5f0dbe191d5759da117e114aa10f0d975b8af7ecc12653cb0626a37

SHA512
9d2ea41d2039c8a36f5d0d8e92d1661f4ce4c9f5c4f459eabe2187cc4bf754a847f7ccee6036893349d7e38fa4d66de611c143b464e051b9f84472f07f45cc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
29f28b95341ebd5fc3fa7d87b7c907e5

SHA1
7fd8ebf922723cfe34c454ddda72d8e54492c594

SHA256
f3d0c2d5f089b82af4418e37d88bf112cfd128ae00dcc1ce5301c156f86418a9

SHA512
ec233fdd423ff192f6e8814410835c8389132d22ff39fdc6708ce0183b35f18d9deee4e7e8b8c76dabc90c08bb0594228b86bc579046b6ac063e6434ccf67c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
5a3a40e5bb2f76a06925f1d36b445dde

SHA1
284de5c8f8a24b580fa0118181ce54a3f932e3f2

SHA256
9cefce3f2f5de992bf9d7cfa2f2ca9c1434fdfdbcf4a04d0baa39c66d83aed38

SHA512
6b07f357243f7a433b6d9a3e451224576c9b24b6196d197a02d4a1c1b9647ac03820de62c61dab77758a558c36157a51752b3fa3b15e7efb595dee133eb4c307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
337d87fd6225a46b7222f44ff78bec51

SHA1
4e2f2300bdc908aa0177a9ed3a2ec7cdd5796556

SHA256
cff4905aee86858e55df8f2d70b740c5f59879aecb764c6c7ccf7a4b3a7dbc8b

SHA512
94a62f0c19d943411fcc89dfaf4ac472e38744a016b1d3c47f61de1414edf59f5b9d584491c0b9b30407f9c164fef879d6cffd377707fcd9321b9dfec973fe35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dedfcdd3f00db0af85bbe9cecd81b8de

SHA1
027d187c4f9ec7160a8faebd37846f8ce70fe10e

SHA256
ab7e44ed0740e482a91c65de7594db27e461d3070c5f139172169f0c856471b6

SHA512
725d7def980b1b1e877d589c094f76bd736cd750e9290c2dc452b67434d494c1a9e08a49082a2f0e7d049304c29a1ec6d4ca1a0ad1c0a90a610cb657f8188cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
40e37ee17ba0e1d833eaa6ffe1dacba7

SHA1
52e32d9d22b027f361f821bd965f0bf8d84d28e5

SHA256
f3cb60c2eeaabc386b72a2b298a5f866aa9c66c2c39d29147df944d4371c44fc

SHA512
b5ce3f04dd758f6b234165773daf5b94adcdc01ab6266048b3ec8150b8152d97457e906e42dd0820f3b3cf50699368e75cecfe37a03caefe572cfef9a7f40e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
b6f48def1ad0dc727f479ce8ffec8a6b

SHA1
488a3d7c23f20d7c90d9cd3010d31836d67b4028

SHA256
88b9c140ca5cdbc682401e0cd009ef606ef17510c596d69c12b629f720543aec

SHA512
ff657c31fa12c36894ac6002bbc33c3263739b9727aa255687ff9299087d47b2a6b390cd0bb6ce588b992c245e497f5e9178de97bec3c72a2d696160dd9f3a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ff6e.TMP
Filesize
120B

MD5
c34ce52a94feab3c721bec54a68d9f69

SHA1
b3db52670fbc3482a855cfcb7b580cafe10a0261

SHA256
c5b99e12e925df5c8d9286f562abb56383a0f6324576f67c906f3fe17f921674

SHA512
ff5a133a59527abd1f6b090972dd05839045277c983348007aca231ed57e2becd456bbc93fefb537c9389bacd08f118596365f6d79827c24d3cd96cba9113e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
144B

MD5
ca44d6740c663a8a7ec13b0fa8dfa4bd

SHA1
5996e52574d2b9bc386f76fec110f378ced99583

SHA256
6307b9f9da5013a0dbb92962978e08432b289fd0859ad79d9eb19d959cac9649

SHA512
3e03d330e30fc8d6b10e28b3cd250e0ed864dbedbd3e41a357309e26d9ee96c30282c0e01ae8088845f2e7dee248cdb8f5c8d669d3c50c00aa5674e2fb0c6917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
3a1b2303294fc31c10617e729c361af5

SHA1
813c75a3988be58d6efedaf858d31e94ab0a24da

SHA256
ce100df5612d8272c4ee3dc20e3bfa4e2a325d5fc700a22ab7796e849069b02b

SHA512
9f130e1b9c115f23a12f6a0b08c10ebb6dc191ca4184b73674270b5160198628d57787e7560935bad01217311f0936a677e46b5be8bf239b9129b6a350e708f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
8fb1774cec904b40414c413740cb9601

SHA1
425730a9cdf334514c0b31b2e184002fba497939

SHA256
c016d9954a56b95b6a9aeb10f255f18e288eddd32508ff178c8ac515ab9576c1

SHA512
288cd02d247d2a57a08d444ccd58138e588e50a1a7f4704f696732fa6067e868d9fcf029ad358e645f0b96248af40621688f721ac7388dd38d4e8c51c4ebda74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
fec851a439eecf20e6fe3498e4459b9e

SHA1
7b928003b33521e8d72cc7dc6972ce801bb8d8fd

SHA256
35971b15726202a1b17c12d6ad099a3ef234155c53e258eca016838dcdc7cf97

SHA512
3ec7d4e272baa421382feb1b8ffbc00600098d1c2e26ae19d68c2d4e14aeaa756b54e37de64837b59104522d125ee63f983d1b668763a87b64b80733738ad5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
6e006a3de391ff06ffdbdb9a69b8c750

SHA1
a34bf36819a823c307fddc8dbce21cb9372b75d9

SHA256
e3b98e8ad05857b1ecc5f2560896c1f653c3643982a61aaa15d802344320bbee

SHA512
a976783b6eedb43f066249c4ea35b25f0d868991d7eec67a95f4b3d4319a623b88590347a1d66b841bdf44d22539bef8f3f0b00b5e9294d99abcb0dcbb8f5f28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
fb414fe838abab3ad1d9311574afba43

SHA1
084913260bba8a4c6253a3edebd073245e4ed95c

SHA256
273eae3481183397ed474c4ee65843210c8331fb4508a11e9ed5971d3d042dc3

SHA512
acf37b34fb0a5139b82bbce79dad2348668da2e1725fa188ab0370a173db5ea364d487e80b0e7ac5a385c6bf4d3986d0af314714d7b17f23289298d7a84ddfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
83KB

MD5
17485ae9ad007d50f21a0dfa9099b1ac

SHA1
2d230c32f0dffa1282e6c71b1fac9935dfb1becf

SHA256
7aaeedaf35aee9389d975e9acd6db1c8173c6c6f7c40473f95b56f099b6563f9

SHA512
4f240b2fa8c79e0f8fee8685dc1a8bf44ce676e85eae62df06f6bd9079f5522310bacf0de01523e45230fabed8751beec6e0ebc2a97cebd71e854bfb2e70acd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588eed.TMP
Filesize
83KB

MD5
329096d4f4bd8ae402e1d1fa02a58762

SHA1
c87ba8bcd5504a9c9a7e24c5eddcf49820844b42

SHA256
885fae86992fd313e47038fffb9d08f1f682f860bbf56a5b9b993f6ec23cdcc6

SHA512
1de0f1063970110b26b1d3f201064a1d28bc2e4588a6b95b8c5caa8594dca842452536deedaaa280a737fbe1ddecbe26171ac0951dde810522ff3f270820f24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3ffe606d-1d6b-461c-ac4e-bf494110ed61.tmp
Filesize
5KB

MD5
7f06c5504b174c16992a4e465b64703d

SHA1
dd193a10b7a4c45c89e0535f6ca11f0ee68b1821

SHA256
f49d49953c7ef0e24e6649c995fa9f52edc442f46c291ec794885f184e5dcc94

SHA512
354ea68af08314897fa8a32c078cd41097e9fde4325eead2c211feeaf6628e6c253c9355bd2d87cbe0a2ee36091576629bd4bc42f081252a470f0c4ea7cc7559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
19KB

MD5
b776233322697ee26b8834e35359764d

SHA1
327a743d304c4b27f243a5d4738c401e5dec3e24

SHA256
15e5a253f62978e07e4823d23bb97d956099ccde8704fdd38aba02b11cf7e40d

SHA512
73eec5c89887b99f089c610826dbe273a86f9f4c0f5f0f987d87b7d9ed12e78a1cb5741d30d23d21aff6536dc34a1258cb3eda9a811d2294e96af4fcda1637a5

Download Submit
C:\Users\Admin\AppData\Local\ReksFN\ReksFN_Launcher.exe_Url_3ylwxo5igj0zpkbwal5dc22lep4kxxpp\1.0.0.0\user.config
Filesize
836B

MD5
49a79e2a079b2a5b165f348667d3330e

SHA1
a937e3f665bfc29b3d78cfaee867172b8ca878b1

SHA256
430563bea400f6b9165f4791b62c9d53e0d678338336a7a1d874e683a7284e5a

SHA512
f45ddb2f44a0c522fdb36dc0082d7dd2b3365ffb015f0e9752e5efc1ec6f198d3e911f98b5297d4215fc369d5197de854b24da5d8a5e5c842f4f5944613b2cbe

Download Submit
C:\Users\Admin\AppData\Local\ReksFN\ReksFN_Launcher.exe_Url_3ylwxo5igj0zpkbwal5dc22lep4kxxpp\1.0.0.0\user.config
Filesize
960B

MD5
9eb2a1655ae474d8a9d80536605ce82e

SHA1
aaeffbc7a3fe97f399c1916589c1ce0c8835751a

SHA256
6a57d0a5981cf02bf81073a5db76b541e51f0006ea66e576ef27e1dc85542bdf

SHA512
a8af7331ff275515b64be05931bee488f35fdb2ee51dad41804d377dac942bff28287b10d4abe5c69dddad03fb96d1eb383a4504895f9fd096e2e103da77f322

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pn4gjtms.v2z.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\ReksFN_Launcher.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 175267.crdownload
Filesize
6.4MB

MD5
a4c9c9167320c51e7bca584bef0e6902

SHA1
b47ca6eb1cb494f24ac8b0fd8c82ccca5a0fa40e

SHA256
0c0ca7f1cc4aea340540aa420c481c15fa6cee6482fdac9d1143ece6feaf3be1

SHA512
eaa0d9b7812b9f21c2ef16fd4b4597e6979ad6584a2bf05717a128559dd768d075f9e6d297630e4b815bdec0e41771cfc31455bd1e235d4d88881df1032319c6

Download Submit
\??\pipe\crashpad_4120_LKHYASMOOZGRPYKU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3104-3-0x00007FFBDD3B0000-0x00007FFBDDE72000-memory.dmp

Filesize
10.8MB

Download
memory/3104-2-0x000002903F290000-0x000002903F452000-memory.dmp

Filesize
1.8MB

Download
memory/3104-1-0x00007FFBDD3B3000-0x00007FFBDD3B5000-memory.dmp

Filesize
8KB

Download
memory/3104-4-0x0000029040510000-0x0000029040A38000-memory.dmp

Filesize
5.2MB

Download
memory/3104-5-0x00007FFBDD3B0000-0x00007FFBDDE72000-memory.dmp

Filesize
10.8MB

Download
memory/3104-0-0x0000029024B40000-0x0000029024B58000-memory.dmp

Filesize
96KB

Download
memory/3188-587-0x0000011569FA0000-0x000001156A3D6000-memory.dmp

Filesize
4.2MB

Download
memory/3188-593-0x000001156A630000-0x000001156A6E4000-memory.dmp

Filesize
720KB

Download
memory/3188-594-0x0000011569710000-0x000001156972A000-memory.dmp

Filesize
104KB

Download
memory/3188-595-0x000001156A9E0000-0x000001156AA92000-memory.dmp

Filesize
712KB

Download
memory/3188-596-0x0000011569930000-0x000001156993E000-memory.dmp

Filesize
56KB

Download
memory/3188-597-0x000001156D770000-0x000001156D7E6000-memory.dmp

Filesize
472KB

Download
memory/3188-598-0x000001156D080000-0x000001156D088000-memory.dmp

Filesize
32KB

Download
memory/3188-601-0x000001156D6F0000-0x000001156D6F8000-memory.dmp

Filesize
32KB

Download
memory/3188-602-0x000001156CF90000-0x000001156CFC6000-memory.dmp

Filesize
216KB

Download
memory/3188-603-0x000001156D010000-0x000001156D032000-memory.dmp

Filesize
136KB

Download
memory/3188-591-0x0000011550DD0000-0x0000011550DD8000-memory.dmp

Filesize
32KB

Download
memory/3188-592-0x0000011550DE0000-0x0000011550DEA000-memory.dmp

Filesize
40KB

Download
memory/3188-590-0x0000011569740000-0x0000011569766000-memory.dmp

Filesize
152KB

Download
memory/3188-623-0x000001156DA10000-0x000001156DA48000-memory.dmp

Filesize
224KB

Download
memory/3188-589-0x000001156A490000-0x000001156A578000-memory.dmp

Filesize
928KB

Download
memory/3188-588-0x000001156A3D0000-0x000001156A48A000-memory.dmp

Filesize
744KB

Download
memory/3188-586-0x0000011569960000-0x0000011569FA0000-memory.dmp

Filesize
6.2MB

Download
memory/3188-585-0x000001154EA90000-0x000001154F0F8000-memory.dmp

Filesize
6.4MB

Download