hxxp://roblox[.]com

max time kernel
1801s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2023, 17:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133270093159054605"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe
Token: SeShutdownPrivilege	1948	chrome.exe
Token: SeCreatePagefilePrivilege	1948	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe
1948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 4288	1948	chrome.exe	84
PID 1948 wrote to memory of 4288	1948	chrome.exe	84
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 1224	1948	chrome.exe	85
PID 1948 wrote to memory of 3260	1948	chrome.exe	86
PID 1948 wrote to memory of 3260	1948	chrome.exe	86
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87
PID 1948 wrote to memory of 4880	1948	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://roblox.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff255d9758,0x7fff255d9768,0x7fff255d9778
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:2
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4900 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5064 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5284 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3080 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5164 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5212 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5584 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5356 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3052 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5532 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4572 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5768 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1676 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5720 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3076 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=748 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4456 --field-trial-handle=1828,i,13846343302406448167,1895549425084011524,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x418
1⤵
PID:4308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
24KB

MD5
a42c6333a13e5376af95f46fd9c7b627

SHA1
57a98e519a44915e39a0cb6f23812adfa6611e67

SHA256
62bff9dd0379da44f9d7f739af671bb6b243c016b49c7146b431ae9e6b9cb41b

SHA512
68e511708465c75662845c55169de20572adfb359e1f4fd037c169bda44d853fdc622794912406b1908b585c3965d4a8612c007af9ca2601dacd4a14283fc894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
163KB

MD5
109e1354dcad59ff8d3e589dcc09299a

SHA1
bc2cf564c7967a59936c2074b78e124e17439c3a

SHA256
a9f34a49984f7a94c7a522a6d171e470701d34a4b630dcb7ae673e6cfaf2e5ae

SHA512
4a85f37ac35db60a44e729a0ee842e45172657c17c71022dfa73aed445106b833cdceccf94b1735737d5b9c06da8db19a6799186bbf742544c943a4b8de737ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a

Filesize
25KB

MD5
fcf4ab04cde575a6beda267759035584

SHA1
d368a4d8f4e9ad39fcfa3cea6dedb24d7423e586

SHA256
d297d346b9577f3bdd233727a8dc0b929f6cc62375677d7aee33b1c92db36747

SHA512
d350b496bd732e3c6c30d4999b030b4264b65b398760c97fd0479034f7e0dd8adce3d82a28988bf99eec90c62c7f3cad78df271e8ee7514e9d014fa3c9981f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
75KB

MD5
894794e4587d35a9d3ab59533d9e1d12

SHA1
141d337a8fddba5c1175b7a414e1a2f2a5ef9c12

SHA256
1030ea2a82202d39ef97ec30e10d8e7fc523e3bca23f8b272a75a39b04dced17

SHA512
c8153ed8f9357c3855abe093c43c21eb21351451c988eb05c3198fedff8ab1bf3b2782e5fea4e672803c9f75f63bc5c18933b51d2e617c5a55396ed4c75c5120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3f7f8d20ef237cec9ea13a5ba6a44f15

SHA1
808457190ab1494ca1e8cf7f2aa4a01977f69715

SHA256
b6bb9ec82cf83b64d82174fba148c1ffda3b0f92f9cb47fa7a6cb3a69b4de3ff

SHA512
aa0eff83548269be38950f02d4c33ca8c386c9dbe64b428689b366332d560aa9e9d9fed616afa4cda460e43379bee3f3c42776aec71be4596866053fc251edbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
12c8c64f39809fd690aea98f9efc2574

SHA1
752cccae2fa50b6ac01ac58ef3fb772b9cdcef18

SHA256
6a0451348825609d47c0d5f3c7bf6d109a37ce6c407d88f5c828c964f5facf7a

SHA512
92fbe13a01a0d41f540fa36ed295b9d7970fcdbc91ba859ef7e84a548525ad6c28c62652d8c920bc15d42f95f45d4fbf8c1da8fe478407c3277619fb320be1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b5043efefa39dd43e745173312806cfc

SHA1
ffa297583f532c5ec3e197de348fca1e084d7f55

SHA256
149dec8a40357ed70aeac119a30958f9bc4ea46f9969a3e2b3dc30335eb763b4

SHA512
58808fbae3f6c68f3a12dfa7b227ed355c03378be31de2e9feb6afe2c8260521851976dce17db406dd8005aabfa8bfd0863260b5583a50f946aec3cc437097c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0da0c2166e26659115cfa15c316fd9cf

SHA1
b509d5dea740e8340c9d793253e4c7ec2e5af5ee

SHA256
98ebf68b6c651385820b25974ebb2287c23c344b3aad6b6a8a0a2bb9e2a05b6a

SHA512
2034af8fcc548dddda7d0e12aad7bf9bc8f261c3206af5ddbb071df641cd7eb9bd543d25ef033a8499c0d5ec1011912cbfee845b0eba15ad6d8896bc0bc05515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
93c14b9b0d7db1d4ada19ce39637058d

SHA1
e0773ba1cf9b02aed727bcde72d601e93cfe9e9b

SHA256
3097687e8d0d87d43e6718bd337b65b15dcd535f95527468630f58eb733b7fc5

SHA512
8c1fb3533f5a8ca6a583421aa535f41075e94b503ecaf740b350e3222b3d4c2da3da55456262502301971bda2c250c95e7d879cc73860debfbd9bf0cf8524efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
963b31ebf8f0f4e1e8375b7b35747f13

SHA1
d9d37f1e0d614d1c28c6553097b4e26ef442ed8c

SHA256
555f9287ceef1e3a857592309aaa84e8033fe1a3e3d195289d716c1249c49a6a

SHA512
d19e5b78ef7fab68ec6db234751edb208b203baf229efc2d945e3efd2cba8479d247377e27f8b79bd35bbbe80d98522b85bd0f7bf7eef752767aabcec264a85f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27cdfb0ae1b15193317431b6064d5c65

SHA1
dd9ea1cfed1cd4a298e2e98d582b2c28b695d036

SHA256
927104e3c6c7363e889424eb80349a0e93feee5af47352908ac2b6d9933c1699

SHA512
ebb5d4c9479e84482e6505799dbbf7d2bf11ca8a9551eaba2b862c39072822e1d0e8ba373082b312d63e87d80662151d644e28c6e092d97b44ed22cbbed3cf42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1fe50a38b3c6a3fd962355af9f4d2f70

SHA1
953799b1cbf23f7b8421680a89e09e1cea48d99d

SHA256
6932c77000eac412ee103472eaa36695c5c12aabed8ccad07bec0ac9920f59ba

SHA512
af25f705ce63186021917bbc0b0aec3aecfc0e6e76d160719dda7cd5fc18e1bc456ca74d6e3fb669c6b675b7ba84e2d7d97ef81844177e06add8bf815116fc1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0c5dc5ec356456a43fd0fd7b11c7fb03

SHA1
b05fb2fbd6363e7b4d128b3e67f0eb02c59f3518

SHA256
fc49eeda5850da098bedd9f266a09710d4c6f4ff8215df919fc974b914620d3f

SHA512
5a150f7117ec805d71063da53f2b1063de184e6e088686ea7b26f48f0cdff792fa51d5cd111a806c37133374d8ff4031af541f3f32e1040f1fb127f02e2021f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d8f91c5dae912c46fb0a7c9f9a8fd894

SHA1
d0c0fba3a5c4c841c841d6139e71236d56920efc

SHA256
80c6b5bf5f92d3799fb870b06b9bffc4862441ba0b95c39464690fcb6cb5dfaf

SHA512
cd31434303024c4c427599f228a5c2c88d4c33ed399e7cae733d8cc13d07c990d7d8ee9cc9e237f6e36cf7852e6a6c127e73bf5f50a27da309c75e8db8c7b411

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f9721b9b81be43c8377d18b69cb0353a

SHA1
2869cc2cff5d525c2e9aecae35935f598da28036

SHA256
f7f985d4f93e6fcb4387e12de845d9d0d6ed2817f8e3f63b0eb87c700415bd83

SHA512
a39f7f27d51f5df14f45d26b4f0aa81498cd61d5fda0bcd4cdf8cce9d3e4905f1a17d75e8e60b0d49362001a84c98616e0747d79fa5fcbf3e02330219ee4bb30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d4715be3-4027-4d29-9414-a5e3f84fdf52.tmp

Filesize
1KB

MD5
5381e648e010dafa4b53e00f70272d05

SHA1
1edb21b5a9239ddc3e47ab7737464aaad9be82c1

SHA256
c3dd29a64f3a9abe2686867f62270209b73e2356d576134b48668ccf2e6d1d84

SHA512
97b86ec500573556368d4e7743c927b8462f6d489b27c0fd24bfcdfc95b1b052372aae42d7bfe1771fca0b17a8e31a4cb7ffe58dd668e9eed585a6a2b1d717bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f64775e3a5062d5be9137c4470e5d202

SHA1
b063393b8c1d77be75aa6354924666db08b0b45c

SHA256
9fdfafcb7364f8bd140dc5218a281fd3aaa7c1e36ec906d0dc32a5040245518b

SHA512
15daeec8b5ea8b0446c9f4c1039a874048036a1a4c32b5fbae38620d88d0d86db29e7cfb07983aa30e0d15d2d4fc8f7e0d9fcbc7e387edc70cfcfa925b9f3aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0f9e38e63b880a1123e60b62df1a59ad

SHA1
1431908bbf8aa41e5ec45fe1355d5c84c2033c34

SHA256
383f43eacdeb6c216bf892057785e5a2e8bbab99e54c04e06ab4445de4eed66d

SHA512
b15eab1e29f7c0b2d952d125b559f0b896414b9fbe2e1ae514aab8d521525a0edc67d147f09f3afb49c3ad108a97ac086076e9f6acefaac7ef1ef53e0aa9bec2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3b6d5e37c40639d67d2f76e1aaf96f32

SHA1
2c79eccd267245040e98597598f0ecaf745db1ac

SHA256
4e33225e4a001463e6129943eed5592b0f9ecfd96e8bda52364594215c7dec95

SHA512
13850d23c021cf2407ff3f14ba8af5fa344a687ee6540534633262706fc38f8e92c2f076aeb12655b02ade23b18f76b5f02055ea399f3a2143c8f2842a2413b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
78d4e58d8b5ff3bf33dfd5ebe72fc681

SHA1
45187b09acec19bde204cd73d5395a494fb0b9fd

SHA256
d744203992fc10a0f224cdbdcc30675cda84e08dddb416867715430b91489430

SHA512
99df297673796f7d45dbf3a9c604bc7ae9b1e6a469eff95f8ea694f18399da6f79554bcf9b424e44653ff9a572d386e99e10f9e97b97cbd9ea737aafc86ccb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
34c35dfadb6235df2949d2afa80d9db5

SHA1
caa91c2f28b6ff2f66e1e42c38f56ee8701c500d

SHA256
7a9e1d39dd7ee90f3988990a425e1aef892c45d7869f41617a00be8292ac4bfe

SHA512
ba4c855260787f2fd22b1f3fa846bfd5f65e6370e14e8298d41978df2b7d9d3bca75bcfffc81138c483d3e4d57a3c411a01bf177bcdabdc7cd3b56bc5b6a05ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
b78809ea12bf9f97c05bd8ffefd8a7ec

SHA1
f2900a828b80e6beb3afd265dd03ce86a3f76e2a

SHA256
77d75ba69a416fc5f4c550168b52916aabfcadeedb0bb640334a691e3e03a8b5

SHA512
2b3a6662fc5727f31a49d3a5225d8d6f7cd54c43cf4a6b5c757aadf6d30664bb736650f081912174c6a1b213308929867bbd2f3976b7d675cab49878c7b6a5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
f38b5664c7073e8e195841fd0c35a8d8

SHA1
507779b337ac6f31899b2d7161fe70d6a3c02e57

SHA256
086bdb03d313ee23f389f524d08bce7a140111b63164fe21c6f83b722b134081

SHA512
d8a07642d1d191ed82a87d0666fa410eacc56d0eb1af05294cb148a1bbafec65a4b1e7e7e1749182523c6f44dcfe5b0efaa1555cc2040141df449f74fd88707a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
3329fd8229ece4cb4cbec0b55e0bfd10

SHA1
6a7187b7f844e11ef780af80982f7ccd0d2322e4

SHA256
9a186cb9c526fe23483e4854423ae361efa886fcf376dddb5c01cf2d60103c99

SHA512
a7a7965534ad73f13a6bc62cb0e807cce8a22941068ca37be1d10bde2f2fb60081eb2f6769f8b3b1e5427e33f2edad7464a719d7f7bb38c620bd450934f8a447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
c565b874429db841b0f92e497fc27c95

SHA1
8d0e2dd228831b335eb48437ec2186f0d2468140

SHA256
99b71b28f4139c324b8b2c0280db3405370d10dc390e053d695fe8a526766ad7

SHA512
bc6aefa7dac1befebbde199c9a6b75a45a9cf83155cc0ef298154cf4da7880f363ca98092a76c9a8547ecae8bce33fa41050b59856991f95597fc5886858df15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f898.TMP

Filesize
98KB

MD5
896ee609669fd340f5fae476fc9807cc

SHA1
f57d9cd439a10f6a658960aef9abf2169d851ed1

SHA256
d8852ac050655c060e571d1f05e3b0c369097b641e2674e77b9050f4bcae619f

SHA512
852c89a76adaed6f0e934cfbb5e1a0f412bac257f9aeb7040273a4af2cb9e16853896b32ec3bfae2a011b3f24c83cdecf1a3887f9afc31e0378667d96a2bd9d3

Download Submit