discordrat | c6aaf0b451168ddd73647d266758bb7abeb7cf91aac4161be2b1dff309d33d78

Analysis

max time kernel
216s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave Installer.exe
Size

78KB
MD5

6cb6c89f2f5a919f2d961401dee14179
SHA1

81b6a8441e267ec0cb8bc2f0dd542e5ba3fc43b7
SHA256

c6aaf0b451168ddd73647d266758bb7abeb7cf91aac4161be2b1dff309d33d78
SHA512

1d8911dce7ce9b44be57ec73d114f0033adda54754f9908814a7f64999260d8bcb45280cb746051741dea6ee8c77f37ab2d58df656805f9005ff39ea4def48eb
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+lPIC:5Zv5PDwbjNrmAE+1IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NzA1NDA4OTA1Mzg2ODA4Mg.GIzae-.Cfy3Zch9tdGvSAixgwx_6XH4iNIzUWWxKzlDr4
server_id
1257057788819931207

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642541272461167"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
3792	chrome.exe
3792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2792	Wave Installer.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe
Token: SeCreatePagefilePrivilege	2428	chrome.exe
Token: SeShutdownPrivilege	2428	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe
2428	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 560	2428	chrome.exe	102
PID 2428 wrote to memory of 560	2428	chrome.exe	102
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 2940	2428	chrome.exe	103
PID 2428 wrote to memory of 624	2428	chrome.exe	104
PID 2428 wrote to memory of 624	2428	chrome.exe	104
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105
PID 2428 wrote to memory of 3972	2428	chrome.exe	105

C:\Users\Admin\AppData\Local\Temp\Wave Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Wave Installer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff85b4fab58,0x7ff85b4fab68,0x7ff85b4fab78
  2⤵
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2940 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1980 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4900 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4484 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2420 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4148 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4460 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2932 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5072 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5008 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4676 --field-trial-handle=2004,i,10025849539794558474,3795749928564933291,131072 /prefetch:1
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
477997d2a71b843c9f1d64305a19df8f

SHA1
7e004047929a2e33e0c9521718283ae42d56cb60

SHA256
24ce3e383f52c2bb7c03cf2f3f07cabc83a89b396d427b3a2203dc473f9f58d4

SHA512
a45c0d956fa16d44f9e87a6a6e158afabde83f7e9a8d63db26242d5baa6114f29a198321ad9484c7bb835eee3a92c91ba20caffa8ea4a8c143d2caac2f30ca8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d86f1a9a3dd1f3e875df96d6f374d3c6

SHA1
cb2adfe2a79d8c75a399d3451a248a6b46864124

SHA256
932c0b62b88e1f5f06843c3abb78de19a45a2166ddacc768173da97bd26c3f32

SHA512
66063030100eab068c0cb290da535aa0943abeb89cba7355b6cecf9bc546ba94fe51b59426c58d2bba2d47a2b1fbe2b4d724567e598d903205b226693cc3109b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
bc56a50f1e448a1f109e16a74ccfdfbd

SHA1
8277bf7a6763b1b85f4e756194ad439c1be2dd40

SHA256
ec09424f4293e3c3de2a90077ae8eb59d4862c604a1164fd6dedbb8c0250097d

SHA512
43f5c95c810edf1db2c2825beb07b62839c94bb691a4e18bdd672df78f3b28787d146662e207d40ccd3207abfcb22b7633ea06d2ff4c1314f1c9e456fbefed71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8e0eb64e40a40308af90ada839c7ca35

SHA1
27bb19f3a85b5d4f7579d69b309f69e19d28369c

SHA256
4bfa8105639cc72ef6cfec177f1e7242ad46e0901eb08079f30d0baf63acf05b

SHA512
bbb51940915b1dc8b2eaaa2d0e072a368b65dfdb29f5188a17df7e1dff063dcafeb029b90b227caa59c45277b2389f2332fb0d7c2b2f7e4734b4ad17fa0f28f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
09739b989075910237e193f20eb62241

SHA1
29045497ed6ac116f8ada5566799707a664b18f9

SHA256
f86b347799296e85eb8e4620157479ba87dc79d4ce508d85fd5215bf3db97da7

SHA512
c0b5908f1d9ed36cbb3b2b6547b9feaae449c0273df3c2732409b4a674a2286fb3584b068d9b95f619a6968409ef8703dfaf697522c9c3a3048513b31277e324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
2572131d703bf935909d5275ea1148b4

SHA1
5c6ad0a440d2b1d4e21dbcd234534a88955bebc9

SHA256
56b3d780dd0c74a58d8b9cf3bfb3c5389683700a8637cbd0a5b3fe87e9396c92

SHA512
19cdb6c4b0ac86348635f78f2a79735284e0a2998062a29d0630c6e9e15fcbb7aebf63ee1c8d94bc83202fbb076ef31de0111258daecb81d7ead08b309443f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe591301.TMP

Filesize
88KB

MD5
cfb2b8989c1446c8a2cb36fc5d7fafec

SHA1
f9bde0815ba82d396b6636ccf3dca5813a95679e

SHA256
91a43cbdcd1ad2a5bd90942858c9d0e6d2cded900f2153ac1b684422c7026e61

SHA512
9e7248a98f68c2e71b48ba82b3f0a5b5fd68abbcb15c2d8249ecc5124429244a7d825a4d1fad4f87b55d3548a180a7d4875b73a7426e4fad646657ec3d20fd61

Download Submit
memory/2792-1-0x0000024DC88C0000-0x0000024DC88D8000-memory.dmp

Filesize
96KB

Download
memory/2792-4-0x00007FF85B420000-0x00007FF85BEE1000-memory.dmp

Filesize
10.8MB

Download
memory/2792-3-0x00007FF85B420000-0x00007FF85BEE1000-memory.dmp

Filesize
10.8MB

Download
memory/2792-0-0x00007FF85B423000-0x00007FF85B425000-memory.dmp

Filesize
8KB

Download
memory/2792-2-0x0000024DE2EE0000-0x0000024DE30A2000-memory.dmp

Filesize
1.8MB

Download