32a42a21965fd5ebc821a2ddb060461a64e9a0b23bcbc4dbe577ee6da1176fcd

Analysis

max time kernel
46s
max time network
151s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 00:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox_DecompilerDONTLEAK.exe
Size

17.7MB
MD5

2c95112c13cbaafd367179f34cb2c1b4
SHA1

3129724b35622b87407625f7c00dabad924fedfe
SHA256

32a42a21965fd5ebc821a2ddb060461a64e9a0b23bcbc4dbe577ee6da1176fcd
SHA512

9fc954f873d278386b96112db4f2da4995258a69d6695ddfba2f87e99caf8603f3c73ce1e6b5dfaf93760551afb8611aaa04b28bded98ba2931cb75e147a4163
SSDEEP

393216:YqPnLFXlldzrHBRPQECSiGFwgI3jFfsvEfuAwGTI/m:JPLFXLdzrLPQbdvTtFWlGV

Score

7^/10

discovery upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2908	Roblox_DecompilerDONTLEAK.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001c8c2-111.dat	upx
behavioral1/memory/2908-113-0x000007FEF6AF0000-0x000007FEF6F56000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
68	discord.com
67	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
888	chrome.exe
888	chrome.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: 33	596	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	596	AUDIODG.EXE
Token: 33	596	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	596	AUDIODG.EXE
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe
Token: SeShutdownPrivilege	888	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe
888	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2908	2524	Roblox_DecompilerDONTLEAK.exe	29
PID 2524 wrote to memory of 2908	2524	Roblox_DecompilerDONTLEAK.exe	29
PID 2524 wrote to memory of 2908	2524	Roblox_DecompilerDONTLEAK.exe	29
PID 888 wrote to memory of 824	888	chrome.exe	34
PID 888 wrote to memory of 824	888	chrome.exe	34
PID 888 wrote to memory of 824	888	chrome.exe	34
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2256	888	chrome.exe	36
PID 888 wrote to memory of 2204	888	chrome.exe	37
PID 888 wrote to memory of 2204	888	chrome.exe	37
PID 888 wrote to memory of 2204	888	chrome.exe	37
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38
PID 888 wrote to memory of 2168	888	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\Roblox_DecompilerDONTLEAK.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox_DecompilerDONTLEAK.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\Roblox_DecompilerDONTLEAK.exe
  "C:\Users\Admin\AppData\Local\Temp\Roblox_DecompilerDONTLEAK.exe"
  2⤵
  - Loads dropped DLL
  PID:2908

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x184
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f39758,0x7fef6f39768,0x7fef6f39778
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1476 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2176 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2904
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1400d7688,0x1400d7698,0x1400d76a8
    3⤵
    PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3748 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3040 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2964 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2456 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2296 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3956 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4036 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3844 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4288 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4416 --field-trial-handle=1304,i,10677453907163607679,8940846584969753463,131072 /prefetch:1
  2⤵
  PID:1240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf79495f.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
4a0a2bcf7e93539b76bff2c032d6e252

SHA1
e77e5975bc14fffdfac16036a00f310b8b784fd4

SHA256
819915a949f4ef9d2dc26aa150c09059fbdc586604ad24448d9557e34263b926

SHA512
16b45399119e8bbb7a905df3bf6f64ccede93b2a0ff4ecc9dcaf381abb254d63ecf83d7b9f081e1d7b5a8b8be72babc13a49083d4de56c2fcf4b197796413b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02ccc8da3abf652637df2ffeb132d1a9

SHA1
e5627e274ede984131903bad79ed746c5a34dcd4

SHA256
9e58a1c2764d0ba0bf344011a6b5ea93004e885f2bd85a671f6b9b2bbfcab06c

SHA512
505c0581ead3c8f9d49516c115c0b96009ba62fa3f9b85258fba87224ddfe717a22b82c7b069cf1876667af7e945ea920498631f590b5df36578e3a365e38242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0307a3a9b0a9d30183c3b5855c95cd10

SHA1
21b6be17b111f67a9fc20817cde3576bd9e4ec80

SHA256
ace9bfdaa162eb54e98f3f1598443f12855f9e4c527c5384e0dad0fb1bc32751

SHA512
7ebf4acb29258b6294f0fd4cf8c3d295eaf099d2c8d805958589856b80149d4639df17d17306f260b85686a2e5b9f6ba84e9b9ac81d23dc9f26ee41c4ea7e835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5dde9be1ea5feb560226b982daf862a2

SHA1
d3833d694941151e27ff36aa0eb32df45e77e02f

SHA256
15a328c09ddb6af58e5361c73e9ffc69beeab2b843c1232b247651ed7e7d16d7

SHA512
3dbececc696adfaf81bf305de353f2903b27b2fd41dd0fd4b4b8d4ff740cfde175376e76b04ba496de9f8f6c5f2ed6da1bcbf64604b8f753da9dfca2560e955b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
f2ef2c96dc1322dcc714e571affd3436

SHA1
a8bbc010702ac2331efbc713874c0f6fd60bc1fb

SHA256
cc33a917eb166a9e5ff5249786ebc2a9c5d92f9abbf3b492cf045e222a55a515

SHA512
1f94fb69ef9c6befd9bb10b474cbabd8d00fd126881c64726849da1d95a759998599feb3d1fbffef0dbc8f58f57a6abf49783231ca8e39a43bb0e2d0f7f67fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
fbdffba86c7ada9fd81516211bce7b74

SHA1
69423785dcfb1262940249bfb5ad3ece9324b455

SHA256
d6118f430e20c82f103747437d4db8505c0ca969ddf120f6bbbeefff1f0d5577

SHA512
6072e9acabd5139fa7ce3a01a0c04f56968e3b87bee2db20f69fe4670748740ffd31f174922ee6f3042467f61c664419a3ab7a5378a9252630fd60952ebd6608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0785aa63672a9d897388984aa446e3e9

SHA1
989fb2ce1fab35b018cbdabd7943ea35800fdfb8

SHA256
b5722cdeda9282792fcfee1dcecd3ad38f2bd4e525a2e7375dfc53483b244b08

SHA512
630fc5d5b60e8d7760cd7b32c07cc7c9bbc0ea079d8d9967344451466eaf7fc42aec29ef2b8e415db2e20bc3cacbe517ec7e5e8951140935a24c40e67705f766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
649785fe6e719704ce1efbefbbf09f90

SHA1
8bc413a0ac7fa5bd59ddde6ee4706e7a1363d6ce

SHA256
ac0a78321b66decab78228ea821b16cb43f4c2b7f47bdc87daef41ec0d66b1b1

SHA512
76a519c3a7d49335b5456e637f5a655c7ea40fac8e0abcd2f4d3c97ce140af42af2fbe2bdb37a4e5448807624cfb9b633258e341e78b614abd208e96642e3da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
20352d4a6c6cf92aff0fa210854005a7

SHA1
c53f3c83f965184ad4ef8bd9f8eb3d1637055a39

SHA256
a87758e2335f7b3d22a8b609ef061e96788bd0cfc0a0ef4475fc01d81ee11900

SHA512
c25a8d2aa4469e5ab7d1f3c397733e148f0572943768329a0e374bc466814cb969d439e3cd123eddcc106b044436cab11d1091cdf190366a50b74c1bf238ed36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
140caa3e4c04e874388e733df8e17470

SHA1
739b3d9caffe3c2095665fdb3a8570491fc8e11b

SHA256
3fbb2942e12c3539878e5078268ebcd7d009d9ed13e9854af678ae65265c9b0a

SHA512
362931ba225eaeb6d93a7a1d5cf23fafc9f38664f07102a75b7172bd531e378281c94a89dc25e44ba0743aca42519b4d12faf40be0b196e580ef33d4a6adce91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
da29ecbf89984895dbae90ba56e80461

SHA1
0b3eef8d539f8a89a73b9f3f1e94ec6bef8f9750

SHA256
ed7a950afb69dbfcc882d5d7ba7011e5f18d73794349f27d34823456e63419f2

SHA512
dac2ed55bedc835835f78136ce367bfd024e7472915868ed929b8f9906bf6f2d1bb4ad63ffbaa9380cac08b6bcf219f1d258f8042e00128d26ea01012ebf171c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b651d7492d1ea23da2efc6dce1fb295c

SHA1
3bb8d54efc4f37d4f67b08de171cae16a2a63ca2

SHA256
8cac260e29b776acca295f006b9033c274b97abfa0e67c247a7a1f58c73b2547

SHA512
a8c7e19524af001ebfbea2fd851788c0a6f200b18d31065bcc2a7a57643ac0591cf2a2fdb0940d88b24bd276e7233115bbe0c73798e2971f182b4bdea4b0feaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
318KB

MD5
3ead8aa17c54b5f66bd260c08c823a4e

SHA1
c7913b77df83bbc59a1c31836d63b8614e64784b

SHA256
c17bc376ca8c137e2f4bd865bb814f6aa937ccc897f7125949d718a324bd4063

SHA512
8660cfccc99198f7fe4f09da22384d896e36ac65fc76ed600d8dd40d1e65dfb35f20af2eaa760cb34f8b426549c5975032e3852fd046750a01eee49c45e9a2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
74KB

MD5
956d9a7e43f83038fb26e50f913afc78

SHA1
f4ddd21b0507b26ef2e6aea2c93ca537ef1f30f3

SHA256
d27df6667970f7342545bee4bbc05cbf140ef7c16d3ed3fb6834477e02852106

SHA512
b9172090fb720c4c7c1c12a31d65d14ca04975bc1cab8aff2c837f27c34b3b82639b1bc336fc1915f0ef4afb084f3f77f041b22c20876acd97b4299726df0d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1CA7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1CB9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25242\python310.dll

Filesize
1.4MB

MD5
d2db855332efd27f90bdc40139248fef

SHA1
0c855c2e897c4f3b823d4e0152ec8d82d05d4b37

SHA256
c2fb35fc301842b9258c90c68ec1c77fee87e3b6b811dfb53a80573115696478

SHA512
d3df6fcb9c08ef9d31695893587e37e82af9f9fb931463cea2b1ef26685646f2eaf660f743d3bdc57d82491e1edffb6ead1b3175632bd2d28f35784bb15da4f7

Download Submit
memory/2908-113-0x000007FEF6AF0000-0x000007FEF6F56000-memory.dmp

Filesize
4.4MB

Download