asyncrat | 4601775cd644a821b4c34209b2be38795c90341d9ae41a42d8e60aade75fa394

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2024 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Free Robux Generator.exe
Size

78KB
MD5

999bb8b6d93b644475385aabeac44eea
SHA1

2d5c9ef549ba1edec8f546824d8d309090f68df2
SHA256

4601775cd644a821b4c34209b2be38795c90341d9ae41a42d8e60aade75fa394
SHA512

ab30eb89d317fd039afd284682d24477eb82ea8dc91194cb8d933385632ddeda20577f30f7e1bf32ebf7398da9d4ff1f5444a35c059e318d1ac657c3f6aadd5b
SSDEEP

1536:FUEkcx4VHsC0SPMVGqTBeOLI6H1ba/gjtQzceNHGLVclN:FUxcx4GfSPMVfT7PH1basQ5MBY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

127.0.0.1:4449

127.0.0.1:145

Mutex

yeltejgrltfmvune

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Async RAT payload 1 IoCs

rat

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Free Robux Generator.exe	family_asyncrat

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Free Robux Generator.exe

pid process

2832 Free Robux Generator.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
2832	Free Robux Generator.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133738900805872070"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Free Robux Generator.exechrome.exe

pid	process
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
1664	chrome.exe
1664	chrome.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe
644	Free Robux Generator.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

1664 chrome.exe
1664 chrome.exe
1664 chrome.exe
1664 chrome.exe
1664 chrome.exe
1664 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Free Robux Generator.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	644	Free Robux Generator.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe
Token: SeCreatePagefilePrivilege	1664	chrome.exe
Token: SeShutdownPrivilege	1664	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
1664	chrome.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe
2832	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

Free Robux Generator.exe

pid process

644 Free Robux Generator.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1664 wrote to memory of 3924	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3924	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 3024	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 4748	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 4748	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe
PID 1664 wrote to memory of 2132	1664	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Free Robux Generator.exe
"C:\Users\Admin\AppData\Local\Temp\Free Robux Generator.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffaa5d3cc40,0x7ffaa5d3cc4c,0x7ffaa5d3cc58
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1832 /prefetch:2
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3
2⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3408,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:3100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3724 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
2⤵
PID:4256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5032 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5160,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4432 /prefetch:1
2⤵
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4480,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5124,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4612,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4540,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:8
2⤵
PID:4092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5340,i,11345167903116387474,5261363102857260423,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
PID:1772

C:\Users\Admin\Downloads\Free Robux Generator.exe
"C:\Users\Admin\Downloads\Free Robux Generator.exe"
2⤵
- Executes dropped EXE
PID:2832

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1800

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f954f032b1e443f54a60b48c60d1ed70

SHA1
c08bf0189f4f3738350bd331f68d30c5028a74a9

SHA256
a293d28eb1cda1e91263fde8e196998c960decf43890f3176815835bb105ed2e

SHA512
7e1626c017754cbe8e09eacee84195eb681731e5273133c92456d9279a3ac7d969ec207fede6733b2c56fb9be61b7c249a81204a27d2ee8469e03b678ea3bbd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
564743a0c75dc2870f916cb24d6a6442

SHA1
b9086a868144bb5e175a13990c9b7ff1ec773c60

SHA256
749fb07b94f4461210489bce8c20bff41e92dec3f3eb94913f8312b4f45beb46

SHA512
fb6e21f5af14fa00ddacb869befe432d0363977f4640fb29248c44f0a87406074b0bbb86cab653c336808828ded6bcede9d3ab9ee915f431dcad300e58d7cb27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cec55a9dbc1391624b19d88f7bf64fc4

SHA1
f207e9079ada511ee95273f02fde177ababa718e

SHA256
201f2a3ddf1ad71971425ce50220a5866ecb1960b5df1f94deb307e4bf95d7c0

SHA512
0d2bffdbd3d906f29f9fa3b86b35b44a2db5796c487154152e1ab6bbb2c920239254fcaaf53d4131247e2e5920ca794f98aa16902cfbc37846a73383fa6996f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4ee780390592e128bdd95a6abccc1251

SHA1
1c9cba66f2bf68c47285ee0c146629c802776162

SHA256
d7127740ecdd092df51b7027928f2268c082073e9c8e0da7fff1260a07fe6e7d

SHA512
2516cb2d00265a4d7513c890192dc5bd08319f816af952cb9f32beb4d61a9aec59118413d92227bae7ee6e12f993519f807d87d033e7e6c18da876c48bba645c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
bfb186ffa4790f170ad742f915714ac6

SHA1
22c9a910b871599cf9fa57207c57b19ed8342cd1

SHA256
721041a010767e6b33abeb26f9dd2061a48669a37264d56be79145bbb2a8c7b2

SHA512
78497fca83d945e5fb6f9289ce07460f24a8f685e260878b67bc172fac646b4c2bf2eecc2a07fe82b806e72bca009fb6d6798e9450a4b3712ddfc1ff800e9450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15fa221f62b601485a0bbaf2721c37a0

SHA1
dcbbe1e288c835d8d431b0fa030a39f8edfa28c4

SHA256
747a61f26c7fab46b449e60d22494108043a8eb9683c6e9575913e329d5dd325

SHA512
d5791435e24917810a6c7d65b003ff216e3bf64a3733e52955fff483eb747fcf21b8b1cd7ea533fca3c8250ac544c6adf1534eee3a0fa2e59e03114c9f896e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38aafab0790e2102162070f895ee520f

SHA1
6897021c55362bab4a2c4e6ff4363f5e7f6c8eed

SHA256
3c79d60fe78ca7d56d46a6903b704b16b075c8ade1e52c5d833dfdbadb5102e5

SHA512
ce55348e5cf76785c3add3c6c1bd177a28d2352bb4724ee45b1f4c1f1428f8ff155a673497aef9471d9074d9a8a8781c3b0f054a64609601fe67974087d8f983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e059f6fd876a57f5fa21b1981dbb5412

SHA1
00702e1e63c8ed8b5c98ab6621d0be7ce7eadc09

SHA256
d5577a5ac947b0abbd2ef3e5ab05fd519fedf3cbf39bd909c352acbf51362d3e

SHA512
f5d3285b782c15deaef95671d79fbd106e25d29bcd887c8772a0ce233191ee98cb2c55187875a22604900040a3f9931ae1a152f7a0afc0ee89163332c9c89452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f298899f1f1ebaada0e1bbcab6b97925

SHA1
4e3f0611cc1ca76c9768c41d460a9333032046e1

SHA256
216a59a2a648b6486af41dda5f83cc05d0baf25432064e210d7f2f922b202c66

SHA512
fd40c32e5d63ae9dbf9369c2ab30c7747cb8a0b3e92aeb3b1618439f9856be4a6907171bb0ccde6fb756b344fe62e9d139b9edb71f009064f213ac4b11893067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
170e35f595d734a9d6f2710346e538a9

SHA1
1c245df0b8d10ee1dcdc75529fa29191141a3af4

SHA256
f936abd48982d5823f69eaf7698f3430b1b64cd70514de5ba98b134a6295897b

SHA512
6752d616be193f9ba29958aefad5009674091723cb55fad659e1d30d3280c047bbfc6aab1df8dc314db10b70dbc69efe6df35b826238aa13fd78e786bccfdbdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6d55f914344ca3c9c2ab34b984817bf

SHA1
1cfb0d16e8542b2a61f9e687ef8c948de83977e9

SHA256
b1ee15fd277b1063146dbfbe3974eafd394cc1e9ad4ae0ce8a0080befced2bc3

SHA512
68a37743aa28394f2d7d2190e712962c250067d30b6b305481525914ad08a9ac48b01a69c76925d19b19092d94fb8e63709efd3c5068de6b516fd75026e99496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
040c9a44af67a25898c68fad24e262c0

SHA1
490be7adf0b858e097b8cc95b191f50eb47aa408

SHA256
bcce64fa29957f16a93f612b20f5b14ba56c7a536b4958dbb65ce23d6a75bb68

SHA512
a55e6c100eb34fb153df5b7e9f6cc92cfba17e3c75ecdd080f1e2559c59bd8200778f17a07463873b03063d0c36d2d3e27954fa04fcd4a1a93810f2ee28306c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ea6be29d3d66d3f5654b8c13edace9a

SHA1
23bbc482fae9efe398efb2946a81513d5d594aa9

SHA256
3573291d8a0fccc06faf1c3b6af3d50171591814175fa1ed0c445fce70346b3e

SHA512
91e1fcbaac61a53be26513d48dec1ad4b7c86d89189f19b4bab3708e5118da75f17b4abb9ed56f4f935c78033e89ae58bf304ede254630d0fc5a116612643ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d05588ad692c28f1b98952ac3f6a8f64

SHA1
457deec0bd439d2dadf3f148cdcea7c239c033ee

SHA256
040bc763c02e7b19442f6b97d6f0c3fdb33b5964cab69e325c931ba4c292d4c9

SHA512
baf4fc755e5f98e1970f1be62934b1359f6bdf804c665beb93769d240d4ba5c4e21940ae03210b6048183efe0b6bdd9865fe184b4ec91bd8a64b5e0d9bc72542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
9a15354d7935106ba29ea06e43d03347

SHA1
172b68f9060e46486b865aa3e8a4252712aa48c3

SHA256
3be1bf651bc2d60dac88a682817a05ae6fcdd3aca7208ea3c0abe8e24f6283b4

SHA512
ec68306a48a059df1469f648a7c36690ee523358be1f43d87dc7a56cc70e4d53dcbb241363e5032ae75dcc65513f9179f1c6d16d848ce40006c7585f03de336a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
587a1aa6a81ca67cabd1bdf54e7ad1c9

SHA1
159fa847a043425be58fc1527610666050bcda4d

SHA256
d0bedc99e642d10b4d4c5475761e2fad13f04702d8d03f276799181a8881bbc2

SHA512
b632492233c972f4f19fa621d2ec1b87d765f4191b0fa7a1b09c0d1bcce1cbf38741ece918d27e9107e4d5d51ef24eff682a5a9a1089e99d7d33342e785e37b8

Download Submit
C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf

Filesize
8B

MD5
cf759e4c5f14fe3eec41b87ed756cea8

SHA1
c27c796bb3c2fac929359563676f4ba1ffada1f5

SHA256
c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

SHA512
c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

Download Submit
C:\Users\Admin\Downloads\Free Robux Generator.exe

Filesize
78KB

MD5
999bb8b6d93b644475385aabeac44eea

SHA1
2d5c9ef549ba1edec8f546824d8d309090f68df2

SHA256
4601775cd644a821b4c34209b2be38795c90341d9ae41a42d8e60aade75fa394

SHA512
ab30eb89d317fd039afd284682d24477eb82ea8dc91194cb8d933385632ddeda20577f30f7e1bf32ebf7398da9d4ff1f5444a35c059e318d1ac657c3f6aadd5b

Download Submit
memory/644-5-0x00007FFAAC310000-0x00007FFAACDD1000-memory.dmp

Filesize
10.8MB

Download
memory/644-1-0x0000000000DD0000-0x0000000000DE8000-memory.dmp

Filesize
96KB

Download
memory/644-3-0x00007FFAAC310000-0x00007FFAACDD1000-memory.dmp

Filesize
10.8MB

Download
memory/644-4-0x00007FFAAC313000-0x00007FFAAC315000-memory.dmp

Filesize
8KB

Download
memory/644-0-0x00007FFAAC313000-0x00007FFAAC315000-memory.dmp

Filesize
8KB

Download
memory/2832-187-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-192-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-194-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-196-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-195-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-197-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-198-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-193-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-186-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download
memory/2832-188-0x000001BC8A2B0000-0x000001BC8A2B1000-memory.dmp

Filesize
4KB

Download