bce8dce5992cc7449446b242c822089d0e2afb15eb1d9ecb88ddc81f9dc909da

Resubmissions

18-04-2024 13:05

240418-qbwgxaea84 8

18-04-2024 13:01

240418-p9d5vaeh71 4

Analysis

max time kernel
150s
max time network
160s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2024 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zvuk-zapuska-vindyi-na-polnuyu-gromkost-300-beregite-ushi.mp3
Size

122KB
MD5

04036f7c8deaf3a5e1a24c59cb9dc222
SHA1

609f633b9f941b28470a07476fab087e4057e7ca
SHA256

bce8dce5992cc7449446b242c822089d0e2afb15eb1d9ecb88ddc81f9dc909da
SHA512

95facecfba70b1478c6380384b086b4006e07f8828f00c7c1cc8ebbf738a3fd4918aa33558c711bed82e1bb1ec47428967a2cdf59c141399bc2f6a094aaa14c5
SSDEEP

3072:QRmclzFNCYulIU5I0UKthAUVB4SNiR3vTMBaYyof+kzKa:Q4iFNelIU5teUVB4ciJAf+kz9

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
3312	DiscordSetup.exe
2308	Update.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
42	discord.com
40	discord.com
41	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579192253971549"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5004	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5004	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4740	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4740	AUDIODG.EXE
Token: 33	5004	vlc.exe
Token: SeIncBasePriorityPrivilege	5004	vlc.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe
Token: SeShutdownPrivilege	2476	chrome.exe
Token: SeCreatePagefilePrivilege	2476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
5004	vlc.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe
2476	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5004	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 4640	2476	chrome.exe	82
PID 2476 wrote to memory of 4640	2476	chrome.exe	82
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1748	2476	chrome.exe	84
PID 2476 wrote to memory of 1836	2476	chrome.exe	85
PID 2476 wrote to memory of 1836	2476	chrome.exe	85
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86
PID 2476 wrote to memory of 1252	2476	chrome.exe	86

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\zvuk-zapuska-vindyi-na-polnuyu-gromkost-300-beregite-ushi.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcb51f9758,0x7ffcb51f9768,0x7ffcb51f9778
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:2
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1884
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7a5077688,0x7ff7a5077698,0x7ff7a50776a8
    3⤵
    PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5272 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4436 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1572 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1504 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:604
- C:\Users\Admin\Downloads\DiscordSetup.exe
  "C:\Users\Admin\Downloads\DiscordSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:3312
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Executes dropped EXE
    PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5920 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=976 --field-trial-handle=1692,i,16085721045908769445,3822764547252223200,131072 /prefetch:8
  2⤵
  PID:196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7f5478b2-3e09-4334-942f-5e98c4058ff1.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
67b4c094d7208d836ad3a46648236cc9

SHA1
40c9defedb5aa47300b33fb40baf818863ac7bf1

SHA256
368899744ac8453eb2055d5f803f219996868b94af6ff9c566a938edf39073db

SHA512
106041f8dd92aebbe7d51a5cce43f9c726c4e8611d0f0a7059cd405e86d555e143dd2761b2460f5ba92e13ea7d17cff077ea2bbf76dcedd653edbfc50b9735e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7b9808b3808e003fb56ddda68b0ca10c

SHA1
ef3629f7bde5e4acb721a7e1fef0dece5bc08ebf

SHA256
ed485dcc6b9cd9f2fdfaebed8a2f7c1b15ca7fcfd431d556bc051013d48991bb

SHA512
e933ad13865ea9d81bd939cc14c7f267813b39abf590e50be41068e92e397f607599b5ea4a6609250ef865dc10f15787cd5f2fafcbca35d757c553f90eafe62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
76745005291a3274eb2403ebc2be764b

SHA1
f222bfd94937c22df4db5f6f5327282d6ab98741

SHA256
4cf2c5cff1dcf0cd460105e288327587f6f103577c6ba6ac60022502b176a9d9

SHA512
0eccf13122b3fae52d2af16ea6fc46f5b91608ea6d25a9a72af1b6362f942ee61a1542ffbedf05695ecbb1529135cd0170242e3f78824766570321359e28890f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7826e84da55824684cc18b13c1385c2a

SHA1
875b40e26948d644f440150e6e088030519ee0a9

SHA256
ced3ad6848aef057452908f6ed189f37d8e6b5a1c72dd91cb986826b02c72972

SHA512
9731375ee525a1ef365607fe7e05f938b93123ee0d1288ff0570158573cf22f7997ff57da5dea2e7d9cf3565e627a15fc0195ceaab62f63b2c9250f26b36ff02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db44251d3767ef1d140c4e8f9a45f4f3

SHA1
8a31c81997f5322f6c1f300eb40f6e350114a9ba

SHA256
d67d1e547877c8b17c2add85c1d1727e1e8f0e0e2216efe3ee61d30d7c48acca

SHA512
3581486b5968c962f40fbb185e3094865b6f2e7fa248bcba5951e93500dac0f07639ae8c1452392e255dea99e81d4f7d46deaf619c514edb7ac936124ad711e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8895c566afe89100d05f541384cf4333

SHA1
f36bcc78414627abe2c44643d8320127e6e55464

SHA256
e918df51048374302dac3b004deed4c0b9cf1cffbad2ea73a4316cf450dc2791

SHA512
1165512557c3755abcdb03c379824aac08f59ebe8299b4b64d0cc81c1b30384f7c831f5164ac73624320a7da63f7003ecb25fc1a6c219a3618c00675465f327b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de8217fc175ff8595c26b66ea7def088

SHA1
8ad5234e05dcd4ae968c97cfe0cf8bd0340a6179

SHA256
02b6cd56a7908abf80aa4fbf0a13ee07044ef76fe0f98156f25834a730ccb156

SHA512
63480ebf933c30aaf8802d5c16c2d0c0ffd854caeb42a54f2d8a8bc3c591dcf91c73b1efe78db9d9bd02aede81132775bd86135006e21b3f7aaa7bcf8f68f033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
eaf5df3d6992f4f65930c46968f4a1fe

SHA1
26d285b2985ea858196291951cb9e97df19eb574

SHA256
99de388eb288d2fdc083aeb78f079b240fffa13de6a587a4874d3113b7e2b110

SHA512
6dde4af688128cc252fdabe4d04915d246ef2eff1974d5ef5f9b86767e74c66db3d4daf5bd7255b4b1eb4128141c1b6a576d9e9a3d4ba28205f7b71ee3a1811e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed1383d615dce2f376ce46a1d2ffceb8

SHA1
a2ee177791386ab8cf1680abcd36ef2840a2f7ff

SHA256
882dcaf2e5838f0e84caaceded923b78ac46fa73d530d90e9b62d0837206db5d

SHA512
ac087d2a57e02e303ca514882f7512ac73a3614e4188da4fe0377bf82254606915307ab069a1173fc6cce71b6c27281a2e56ec98bc6740153b96fb9343d1b897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e915790d2aa438c16460521e32e104bd

SHA1
42f19dabd715e4b05935fad841cacc3baf1bc2b5

SHA256
a296642cc6ce1693043a94df49f978d900b0f0b6922cd12456bf5fa335de8383

SHA512
e4ff6048cf859ad8acf4b4edeb5ff06d86ada980959359f22da95e09b8d6165af1f98270490bc638d9ecb781b98e6a4e297bd20d510f98a7239832313603239d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
62dbd5eb5a80d51f80068bb9cbd72c93

SHA1
3f35507a13115497dd69669572b0bda6ff04678d

SHA256
fed1b7ec6acd6e52573afa7aadedfc5dac0a818ebe325240016fd17a0412e743

SHA512
5c5fbe9da64259a2a6f02df77ee958ef43024f289e59198b190f79226a7e15e4080ccddacfcbb84af3ff7bbf86f5a2c69071a33d51b2cc44d6efcb5b688b420a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
769eb3c1be77a6a072cbee11ba5a1248

SHA1
ffc4717f839b3ab535b3d395d6c9aa739a7cd6e6

SHA256
242daca606a7700da6c7a614d251dba0a2ffd970f2acbfc410075496c1fcbddc

SHA512
74d2b8955818ff9274ac1b681f351e46ec558b7e538d815eb702261572596e284a00607ba0bf245065fcaf4a8de41d13923b9f40b2283fd5085b33037c2fecf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5960e3.TMP

Filesize
108KB

MD5
c5f3cc3c37bb258ac2abcd765a4b0f43

SHA1
d1859326aa8ebced126906b05b7e4efe361849f6

SHA256
e9e053df7610331bec4ce85bd523de8fc49274f02f9468b5855d53b663d7ec9d

SHA512
4f712a23b3bad8710542a9bfc273fec51da9c01181f236b6fc50c134dbf23733e730f2aa48220d9536b3776c9a252cfcdbeb31205b13e5af84a3cb491d4a9718

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9040-full.nupkg

Filesize
104.9MB

MD5
171f0aaf39bebd9d3ba8f0eb3c85433d

SHA1
7af2e2178a8443086ac76da94b92cc2cd6e0857c

SHA256
1981decc208138b17427f1552d72919fcc0f1d715a3ce3e14b4b6160ebd0a3db

SHA512
8f147a4cccf53215acd795e77e0ff406ff4bb5b25a3b9ec91705dde1004cd687c7a800927733d32e32b568bad8c5947f380bb59f9b1fc98a29872c11665fe63b

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
3ad594a5c7e71c0abc781e10bda78f1f

SHA1
3cf89dbe520bcb0588a813047b0b64c5eb3e6f0d

SHA256
1a3c144a30488a10a809e539d62036af28584d89e581afe9526cda179cac2dbc

SHA512
ffdfd0ab97f2a5d599a03520a84ca350270b7e9f3bbee13f394eeda8e9675141c499afca2aaa373e0b7452896e1f3116b32272c0d4cc861b99f77ffe7ee68c54

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.5MB

MD5
54f9caa7660db90502aebb0725a53ee7

SHA1
9d3d3ef44edbbe3a01542596672df2900e011844

SHA256
54af3ec88a28f002198e6c0c4f857fea414cd34da0303a42286fc29db4eff358

SHA512
e1e5d72f1e544fff605cc7dd8f18638c51d7bc069ec80a95c08206ef25be6ba9e041ea8c4d0c0af65b5d551b1b906e81f349fcb178911b628bb417b299ced775

Download Submit
C:\Users\Admin\Downloads\DiscordSetup.exe

Filesize
107.8MB

MD5
6437ce32b8556667b2b21670b8d49cb6

SHA1
363c0e2ca1dfb6b0f55e85f6760f453982f9f97b

SHA256
3c986f72f056f807fb623cf8a0d35b0bf8269610131bdeb36592b60adc479e67

SHA512
6b4e96079efcc883f637e504b512a2c536d03d384f04dfa2107c2a997b5a2854fc6990b7c99a2a7c6888556a5f6a64c623caae983e1986dbbad764b2766ff10b

Download Submit
memory/2308-1086-0x0000000000A70000-0x0000000000BE6000-memory.dmp

Filesize
1.5MB

Download
memory/2308-1106-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/2308-1181-0x0000000005400000-0x0000000005410000-memory.dmp

Filesize
64KB

Download
memory/5004-28-0x00007FFCC6740000-0x00007FFCC6770000-memory.dmp

Filesize
192KB

Download
memory/5004-61-0x00007FFCC2620000-0x00007FFCC2636000-memory.dmp

Filesize
88KB

Download
memory/5004-32-0x00007FFCC6700000-0x00007FFCC6718000-memory.dmp

Filesize
96KB

Download
memory/5004-31-0x00007FFCC6720000-0x00007FFCC6731000-memory.dmp

Filesize
68KB

Download
memory/5004-33-0x00007FFCC66E0000-0x00007FFCC66F1000-memory.dmp

Filesize
68KB

Download
memory/5004-34-0x00007FFCC5D30000-0x00007FFCC5D87000-memory.dmp

Filesize
348KB

Download
memory/5004-35-0x00007FFCC6290000-0x00007FFCC62BF000-memory.dmp

Filesize
188KB

Download
memory/5004-37-0x00007FFCC5D10000-0x00007FFCC5D21000-memory.dmp

Filesize
68KB

Download
memory/5004-36-0x00007FFCC6110000-0x00007FFCC6123000-memory.dmp

Filesize
76KB

Download
memory/5004-38-0x00007FFCC5510000-0x00007FFCC55D5000-memory.dmp

Filesize
788KB

Download
memory/5004-40-0x00007FFCC5CD0000-0x00007FFCC5CE1000-memory.dmp

Filesize
68KB

Download
memory/5004-41-0x00007FFCC5CB0000-0x00007FFCC5CC4000-memory.dmp

Filesize
80KB

Download
memory/5004-39-0x00007FFCC5CF0000-0x00007FFCC5D03000-memory.dmp

Filesize
76KB

Download
memory/5004-42-0x00007FFCC5C90000-0x00007FFCC5CA2000-memory.dmp

Filesize
72KB

Download
memory/5004-43-0x00007FFCC5C70000-0x00007FFCC5C84000-memory.dmp

Filesize
80KB

Download
memory/5004-44-0x00007FFCC5AE0000-0x00007FFCC5AFE000-memory.dmp

Filesize
120KB

Download
memory/5004-45-0x00007FFCC54F0000-0x00007FFCC5507000-memory.dmp

Filesize
92KB

Download
memory/5004-46-0x00007FFCC54D0000-0x00007FFCC54E5000-memory.dmp

Filesize
84KB

Download
memory/5004-47-0x00007FFCC54B0000-0x00007FFCC54C4000-memory.dmp

Filesize
80KB

Download
memory/5004-48-0x00007FFCC5480000-0x00007FFCC54AC000-memory.dmp

Filesize
176KB

Download
memory/5004-49-0x00007FFCC5460000-0x00007FFCC5473000-memory.dmp

Filesize
76KB

Download
memory/5004-50-0x00007FFCC5340000-0x00007FFCC5371000-memory.dmp

Filesize
196KB

Download
memory/5004-51-0x00007FFCC5320000-0x00007FFCC5336000-memory.dmp

Filesize
88KB

Download
memory/5004-52-0x00007FFCB57F0000-0x00007FFCB705F000-memory.dmp

Filesize
24.4MB

Download
memory/5004-53-0x00007FFCC52D0000-0x00007FFCC52E1000-memory.dmp

Filesize
68KB

Download
memory/5004-54-0x00007FFCC52B0000-0x00007FFCC52C2000-memory.dmp

Filesize
72KB

Download
memory/5004-55-0x00007FFCC5130000-0x00007FFCC52B0000-memory.dmp

Filesize
1.5MB

Download
memory/5004-57-0x00007FFCC3670000-0x00007FFCC36C7000-memory.dmp

Filesize
348KB

Download
memory/5004-58-0x00007FFCC3640000-0x00007FFCC3668000-memory.dmp

Filesize
160KB

Download
memory/5004-59-0x00007FFCC2640000-0x00007FFCC2664000-memory.dmp

Filesize
144KB

Download
memory/5004-60-0x00007FFCCB7C0000-0x00007FFCCB7D0000-memory.dmp

Filesize
64KB

Download
memory/5004-30-0x00007FFCC6300000-0x00007FFCC637C000-memory.dmp

Filesize
496KB

Download
memory/5004-56-0x00007FFCC4FA0000-0x00007FFCC4FB7000-memory.dmp

Filesize
92KB

Download
memory/5004-62-0x00007FFCC1B90000-0x00007FFCC1BD2000-memory.dmp

Filesize
264KB

Download
memory/5004-63-0x00007FFCC1B20000-0x00007FFCC1B82000-memory.dmp

Filesize
392KB

Download
memory/5004-64-0x00007FFCC13C0000-0x00007FFCC142D000-memory.dmp

Filesize
436KB

Download
memory/5004-65-0x00007FFCC2600000-0x00007FFCC2615000-memory.dmp

Filesize
84KB

Download
memory/5004-66-0x00007FFCC1C40000-0x00007FFCC1C51000-memory.dmp

Filesize
68KB

Download
memory/5004-67-0x00007FFCC1B00000-0x00007FFCC1B12000-memory.dmp

Filesize
72KB

Download
memory/5004-68-0x00007FFCB5360000-0x00007FFCB54DA000-memory.dmp

Filesize
1.5MB

Download
memory/5004-29-0x00007FFCC6380000-0x00007FFCC63E7000-memory.dmp

Filesize
412KB

Download
memory/5004-7-0x00007FF71E1D0000-0x00007FF71E2C8000-memory.dmp

Filesize
992KB

Download
memory/5004-27-0x00007FFCC6770000-0x00007FFCC6788000-memory.dmp

Filesize
96KB

Download
memory/5004-26-0x00007FFCC6790000-0x00007FFCC67A1000-memory.dmp

Filesize
68KB

Download
memory/5004-25-0x00007FFCC67B0000-0x00007FFCC67CB000-memory.dmp

Filesize
108KB

Download
memory/5004-24-0x00007FFCC7150000-0x00007FFCC7161000-memory.dmp

Filesize
68KB

Download
memory/5004-23-0x00007FFCC7750000-0x00007FFCC7761000-memory.dmp

Filesize
68KB

Download
memory/5004-22-0x00007FFCC7770000-0x00007FFCC7781000-memory.dmp

Filesize
68KB

Download
memory/5004-21-0x00007FFCC7790000-0x00007FFCC77A8000-memory.dmp

Filesize
96KB

Download
memory/5004-20-0x00007FFCC78F0000-0x00007FFCC7911000-memory.dmp

Filesize
132KB

Download
memory/5004-19-0x00007FFCB7060000-0x00007FFCB8110000-memory.dmp

Filesize
16.7MB

Download
memory/5004-18-0x00007FFCC77B0000-0x00007FFCC77F1000-memory.dmp

Filesize
260KB

Download
memory/5004-17-0x00007FFCB8110000-0x00007FFCB831B000-memory.dmp

Filesize
2.0MB

Download
memory/5004-16-0x00007FFCC7920000-0x00007FFCC7931000-memory.dmp

Filesize
68KB

Download
memory/5004-15-0x00007FFCC7940000-0x00007FFCC795D000-memory.dmp

Filesize
116KB

Download
memory/5004-14-0x00007FFCC7960000-0x00007FFCC7971000-memory.dmp

Filesize
68KB

Download
memory/5004-13-0x00007FFCC7980000-0x00007FFCC7997000-memory.dmp

Filesize
92KB

Download
memory/5004-12-0x00007FFCC79A0000-0x00007FFCC79B1000-memory.dmp

Filesize
68KB

Download
memory/5004-11-0x00007FFCCB410000-0x00007FFCCB427000-memory.dmp

Filesize
92KB

Download
memory/5004-10-0x00007FFCCC2C0000-0x00007FFCCC2D8000-memory.dmp

Filesize
96KB

Download
memory/5004-9-0x00007FFCC7BA0000-0x00007FFCC7E56000-memory.dmp

Filesize
2.7MB

Download
memory/5004-8-0x00007FFCC7E60000-0x00007FFCC7E94000-memory.dmp

Filesize
208KB

Download