discordrat | bd250c5edc5ae0d3b3d145301626f39e6c9653c63f84fa6299fa894cf9b0421b

Analysis

max time kernel
85s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-05-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

a285bde6aa62a262cbf0dd42f90a06b9
SHA1

5802acc78b222ec85cbcd2f449f4dae4f30bcaf9
SHA256

bd250c5edc5ae0d3b3d145301626f39e6c9653c63f84fa6299fa894cf9b0421b
SHA512

26aba96134f73798d8a06a1909a63edc8e347b21f36d9fb65442041c4f284fe16c043f47a11c0cf7bb132ce7e60c3a28c91c6a94abf31f89bd8c2478a89fb95c
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+SPIC:5Zv5PDwbjNrmAE+eIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5MTE4NTUyMTUxMTI1NjExNA.GZ9ZOB.tD5HlYf_1j3Uzp4B2DMMOMo_4wjDkNVGIcBwpk
server_id
1243579352478777454

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Client-built.exeClient-built.exe

pid process

2132 Client-built.exe
1648 Client-built.exe

pid	process
2132	Client-built.exe
1648	Client-built.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613972480040879"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4692 chrome.exe
4692 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

4692 chrome.exe
4692 chrome.exe
4692 chrome.exe
4692 chrome.exe
4692 chrome.exe
4692 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4848	Client-built.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe
Token: SeCreatePagefilePrivilege	4692	chrome.exe
Token: SeShutdownPrivilege	4692	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe
4692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4692 wrote to memory of 1516	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 1516	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 4232	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 3104	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 3104	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe
PID 4692 wrote to memory of 2668	4692	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81502ab58,0x7ff81502ab68,0x7ff81502ab78
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:2
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2616 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1792 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4768 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2612 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:1
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3116 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3980 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2616 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3104 --field-trial-handle=1976,i,11265148928143527653,4999141755077374688,131072 /prefetch:8
2⤵
PID:1256

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
2⤵
- Executes dropped EXE
PID:2132

C:\Users\Admin\Downloads\Client-built.exe
"C:\Users\Admin\Downloads\Client-built.exe"
2⤵
- Executes dropped EXE
PID:1648

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\42059d37-97f0-4417-8b50-e696902dd78e.tmp

Filesize
16KB

MD5
f5025394dd7dea5641060f2a3506c583

SHA1
91bde1b3d01be379a3b585135880a9e3a78bb577

SHA256
90e573a49f919662ff83711ce59af587ca3e64d0f23517def1f9dc9aeef6d753

SHA512
d21a54bb5eb7da9b73d40ccfaccb3dfb5c28ab0a396ca7e6ea2a3d0aefe3fc76760fb20926a20763c98c743c07cae636b9bf7cd15a435bf9f5f01002b5ccf5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\84fc9a16-9e6c-45e8-81a2-9fd957d7ae70.tmp

Filesize
7KB

MD5
1f3ced6fb61a3cd2becb023494d8a5c5

SHA1
e339429c02e26ba8e5e16eeb67d9e7333cabe983

SHA256
4479cb35259503890ad43f3057a266a138f0f29f0c86ef209352a455d31df263

SHA512
1279923fb3e00950206f7fdb3b17172d768859fb78428a533004a9c829b0cfa9680ec7f9f5e86f22ff7ad17a3942796b1310cd5f5cd6ca58cf98dae6822860c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d95e393c3b22b4842fc4813feff10f5d

SHA1
1fd6a03245ce354c52ec93ab0cd80d9fb23b4845

SHA256
f29221e89e68f87b35f3c15ca6f96a3c8845f0d67aa7d209c4f221aa22b6fd29

SHA512
9778eb2a50405c980b7d3737b335ce4429c3393f121ec55fed86e75d40736ae019bb1e144fadea067e8fbf721fe4260cad44d0d3f0ffa05fc03aec48c12a7e3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bb587cf603bc694d254a68c70087a772

SHA1
6627282b254992fc87c51d29965ace335537dd27

SHA256
3a694d337cbac07001b46247fea14b6a8122ef77e0484fc7afecffb9eb99fc84

SHA512
4188d08622eb317e47da7036d47b8495623edc9c73622f5794c6798ed7203c5a8145f4819a908d6487f37f5d2eaf66bc675fb42186254879563b14d98bba0464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a56836e4b9e3543e8812d3264b18e3e5

SHA1
86ba5659cb6691a1f00a9f5e55c9bcc53bcfd8c8

SHA256
62fc07a364c774fecbc36260cb0fc6fd886b1600e5ace16250f706b02bdd0ec8

SHA512
9b0813ec14a2f3fec065e36eed26d0755f72ae55188b85812edefb423069583c342db617cd8e54151fb13f74ef93ade680607b1f1e555bc0e1b0c118351d51aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
5ab1ca82c4312dd6dd674b65badf16d1

SHA1
f0283c6d2b21a892fae9efc4ffbf017e71b21562

SHA256
cfea052459850d457b9acbaadde8f384b8b3ad4cd0b09af51ee7ddcd7ce474c0

SHA512
db7e5e3e65c02a96e1250d0c8ce5e4639b31c6569b6a8eec4bfeb89bb1e69fad7da1b37ae85c265591c4fdb3767f9edb047f83d712b6b29e018a391f9f929731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7dfdf127e951290269050b8ce887bce1

SHA1
954bc1a2a4a6ac5c20f3fb5c210b2e02f673a399

SHA256
07f42cd53657df4fccb34fb1eb1abbd515c6fb785cc67253c8cc945ef3f41228

SHA512
da406da221fe4f99bfec5a361539412d54f586168c888a0a5ef2043a088b39c26bba8a5327acd58bd6e7063818de1c74a3317ede912fc3e27a1f5df1bcc6082d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
47cee708af4021b68f3867be6457b264

SHA1
a8d6dcdeb4548b5484b05cdcc9cd43283a815a01

SHA256
e127038114f3265d626bf680b30f0a75692029531d40c62dcec5f60170c48fbe

SHA512
80e1286ed4e7ab12c03f4367d1ed645692133478044680f3b8313f6b3666efdf420899852d2e810f1c497b1e49d39c2bdf841c47d409cdcb90a35e8ddc9bf756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
f384878fcb1549367cecba50dbc6cd3e

SHA1
4851113df548f3b8e59970127a98589ce128377a

SHA256
a1f8eb0216c16ef1429d8beada1ffa498dec5122b0695d8a51715b4e8549be26

SHA512
bc192a62034682804a1a4b7b7ed691048423437631fb4a0857e96e409660a1c255b1403d3fbe9c2f51caff65ea39677113d899138558e16b27d03f6296d9473e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
dfe1752054d515582a1a7c8efd90dcab

SHA1
6fec0a247f4155a670d9d55961b99512affe4acb

SHA256
e8750875da5d8b71fcbcd0aa8f65d1381e303ca9f8eef4a20fda5fed1c0cd49b

SHA512
9dfc0bfd2685138a94f73b6fa8b41b0d2e9e29f2b3bcddd7553948aee4f7ebe8f59f0c8c9e52cae852e0fec987b06b0c1db5103af9c65b325bac3ec1b52a8c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5850da.TMP

Filesize
88KB

MD5
63760620a772411089a477739635a2ea

SHA1
34096f0e2ad6e16340b028301a98f720a8262900

SHA256
a0b20386a97cc910c02cef4301a0f32ccdecfda3a57be79ed744b2f6127ebc3a

SHA512
03a85b6c4586ac248e673dd5dc6eec7350960de497cfef2b6fc41915c0ba3452c7fa64f04675380e391752cff3c77cde1086dc64a14396b1ba3ef12a3f21b60a

Download Submit
C:\Users\Admin\Downloads\Client-built.exe

Filesize
78KB

MD5
a285bde6aa62a262cbf0dd42f90a06b9

SHA1
5802acc78b222ec85cbcd2f449f4dae4f30bcaf9

SHA256
bd250c5edc5ae0d3b3d145301626f39e6c9653c63f84fa6299fa894cf9b0421b

SHA512
26aba96134f73798d8a06a1909a63edc8e347b21f36d9fb65442041c4f284fe16c043f47a11c0cf7bb132ce7e60c3a28c91c6a94abf31f89bd8c2478a89fb95c

Download Submit
\??\pipe\crashpad_4692_FMHSHMKHSKNBZNJP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2132-146-0x00007FF81B080000-0x00007FF81BB41000-memory.dmp

Filesize
10.8MB

Download
memory/2132-147-0x00007FF81B080000-0x00007FF81BB41000-memory.dmp

Filesize
10.8MB

Download
memory/2132-175-0x00007FF81B080000-0x00007FF81BB41000-memory.dmp

Filesize
10.8MB

Download
memory/4848-42-0x00007FF81B080000-0x00007FF81BB41000-memory.dmp

Filesize
10.8MB

Download
memory/4848-0-0x000001A7D5FA0000-0x000001A7D5FB8000-memory.dmp

Filesize
96KB

Download
memory/4848-4-0x000001A7F0EA0000-0x000001A7F13C8000-memory.dmp

Filesize
5.2MB

Download
memory/4848-3-0x00007FF81B080000-0x00007FF81BB41000-memory.dmp

Filesize
10.8MB

Download
memory/4848-2-0x000001A7F0560000-0x000001A7F0722000-memory.dmp

Filesize
1.8MB

Download
memory/4848-1-0x00007FF81B083000-0x00007FF81B085000-memory.dmp

Filesize
8KB

Download