0bf427d342137a4f079b52bc8c3e898f219d6c4e2a483877bcf553a38c79db9a

Analysis

max time kernel
150s
max time network
154s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
04/05/2023, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2016-2017.png
Size

8.3MB
MD5

10ca3b4512f4f470d2b656f4a3b35a6e
SHA1

cb43cd19ffae71f87e983d717bf7c237c24f11f7
SHA256

0bf427d342137a4f079b52bc8c3e898f219d6c4e2a483877bcf553a38c79db9a
SHA512

07b297162bcf8c499acd71550b8055cc6f51ba36be5711c06ed3a51fe32013429b100ea58ae65cd77956df0f47d3b0d983605f345128884a71fe79ae44915360
SSDEEP

196608:m+3sGZNg3+FDxC/gIzeWeAcjm5G/nar8vQ6QlXWhL9HC8+O:mgZNgMCRzexJj86ar8ZQlGhL9GO

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4628	RobloxPlayerLauncher.exe
3048	RobloxPlayerLauncher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133276946382462073"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1148	7zG.exe
Token: 35	1148	7zG.exe
Token: SeSecurityPrivilege	1148	7zG.exe
Token: SeSecurityPrivilege	1148	7zG.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe
Token: SeShutdownPrivilege	4540	chrome.exe
Token: SeCreatePagefilePrivilege	4540	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1148	7zG.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe
4540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 4648	4540	chrome.exe	74
PID 4540 wrote to memory of 4648	4540	chrome.exe	74
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 4824	4540	chrome.exe	77
PID 4540 wrote to memory of 3064	4540	chrome.exe	76
PID 4540 wrote to memory of 3064	4540	chrome.exe	76
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78
PID 4540 wrote to memory of 4376	4540	chrome.exe	78

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\2016-2017.png
1⤵
PID:996

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\ReadUnlock\" -ad -an -ai#7zMap5335:78:7zEvent24262
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffd4f719758,0x7ffd4f719768,0x7ffd4f719778
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4920 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1576 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5460 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2652 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5896 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5868 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 --field-trial-handle=1580,i,7405181545182205776,5236916235353893783,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
  "C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe"
  2⤵
  - Executes dropped EXE
  PID:4628
- - C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe
    C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\Admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6f090470c7ac493ef88cf9d686298b0dca19572a --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x724,0x728,0x72c,0x704,0x6fc,0x166578c,0x166579c,0x16657ac
    3⤵
    - Executes dropped EXE
    PID:3048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:804

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
97KB

MD5
34b97f8b9e4296af5238fc8f67586b72

SHA1
e6c4b92901c1a9d8aa6a7247143c2560a90efaba

SHA256
70c158c98bf7abf5e0bb3167edf6ed0d378f9380fabcf281cf0fe59623a0c774

SHA512
0df677459ce64c61aa109aeabcf8f91e5a19a98ddc3426818d5cb256e05abab604b2455296e83fd4687798f6f241d470af431ac9e153df95283186c28c3ab4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
66KB

MD5
3754039a38e1c55d1313c8f917af846d

SHA1
9d1dd943a00ccf6808517cea4b473eae52812ff6

SHA256
546426bd297af301964d1947804f9905afe41534b03b432c2bc50f613d4e6f48

SHA512
c788e6fbfeac5c3a042a750999492c24d543a4cd65839281944e87a7bb698b656d1a8883a9f941ae3c36b398821a8ef24a47cf56c272ef6a0afffc59f95576ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a35c29f67acea812aacefde6fd299c9e

SHA1
6f24bdce3e8d408bcf42fb543c1998947d53530a

SHA256
822d7efbf53cc2049f67982e873518cb2a5bf71ae285c93e76f3d9e2fae0d8cd

SHA512
8b143397684394d1b009097facbcf7e1587c02ecfe78f172999e74ad8eada19bdf3caa3a11ac9b0167ddde55a79c3e3c105c2c224a1f3ca1af17982d4330cea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
24f6bcffe235c77f353658c82f8619e5

SHA1
715aa6316fd1744a3ae0c9480eec69e7601977c7

SHA256
668fdb41b804bfb86b57f4136e71cd7d95349fd1e905a52913d5bada325ae31d

SHA512
da7dfab2a84ebc781077917fa13ebbc28898e0fa92340e8e37531f5bad0fa4f17d11fc9c6f66ec6671aa4d8ef6ccb19bf3a80494ef5110b1306916a3c4d1f481

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
40bb3cd54f50b04c287007dec590e5ef

SHA1
ee1b54940dd135f63c83756f9554b63410f47bc1

SHA256
153de7906149fb9edff3fbc28852101f30e1c74d17fbf6f595ed6d99be592ee5

SHA512
0bdd25590a23a72563d8651374e627a803d2af259958ac401d46fd75d3ac31d99fe9567e9c421da93264114e70c2bf9b2f385511894e44c0ec02ff03958dce53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0093dcfcee3ef4ec07fa92ee31f118a

SHA1
f7e739482f97816f83229d4d42f0ff27a8d1fdf6

SHA256
485a8c3c4c302abd17cb0402cc5ff81f1a8f8389570f415bc79ef43d3ba5e7d5

SHA512
8817d05f9a621d830f4204f4312904d84d40fb5f25462b3a15494351e1369aa70355153a1977043259e654f66073003d93a196f855e8fb5daaa78b62461f87bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0f3ce5646ca3e1ae171a63818f1fbe78

SHA1
875639783f5ea5a9c7093bf4dba76c1e043ef0fe

SHA256
932286b7670bf401262840c9333775c70b68c8f12d03e4513ec72887b9ede3b8

SHA512
38415d9b7139744e4b953e06720f7e2b403d46907dee0d6dc8b9a0041c0ee3c518703e7cd7397d2577769f583c4c308148999dc8697fa3cd0848369bb64befe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa4d8763aa666908cedf4fbd49346249

SHA1
36ca39b43dc37bfd38e57846c3e82c4bf7c52c73

SHA256
c5cf14778272315f2077d777e93af7aedd895e975451d459ec9d966d6b224dd9

SHA512
84aaa530c5499c2130927d3ecea533912b34d308049b118aa535b15ae086ae93c3c56558ac6e7a1b12b690dd9c7196ca0b33131ffc94540699c1065cd8a3cf72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
665aed2221b24562ff1a59ddaad3bdc9

SHA1
dc93560c58f741240f93a4ad9b7fba24788e8d60

SHA256
7c2539fc537d3cf8662fb3eac7ed3db1f87d34a8c173b8c09a0fc540c2193756

SHA512
966d82f1d1c48185713fbe3a0287d68bfc29585a703818e522af4371cb773a841bfb1093573c5abb1603a7ea68c02b5cd55400267b0eac9cdf918be03401b935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c2df054f2264f664a5f3c5d13dbd7543

SHA1
887c2af3bbb77ba89b0cc83903f1010318f47415

SHA256
84ccbb8bc50b4dc88691b9b9a0099c2e5901827aea50e8e61aaa8911123baa93

SHA512
55ab587a4da4e3843aec8746a9a2604511e9f503e9cc386758165a7a91a0d591be7b5b6f086ce3d3f255dec490f363d0d97bdad734fec1b8f15be4b6f116967c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
183c0ba29fd9f3ee4c3d804acbf8647f

SHA1
7b3681e97795d39874630a8ffd0257dc5369a081

SHA256
4fc0cca31767591dce16c0c220bd044dd987cd1512e143ea0d7a915fa91a5a69

SHA512
d625176e0b5d4ba7035bd13412e0606b78abfd2c496ac9d36687d9d529788f04e63bf1ccc8a9ba0e76e36bc66d50f6bc7c7512a9706722d1df7b00006d310d36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c368b555e77971a78df005d0fe8c057c

SHA1
e0e3ea4961b7e2e984ad628dbd8a25e7b1e3e9ba

SHA256
2a80736916a47fdb54a42f104e2a32814644be0c24b51a19c12e1dad85e489c7

SHA512
aeab6ad944a67cdafb8985f6105fffe703d81925e1bfda19c34f4294bfa9626875a7309687fa5348aa34656c8a54f3d8d8c8196cb574b141f4d9f1a9035715c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
822a268177ff86bca09aa4bfa0d3026c

SHA1
08be75a92ca9cb3ac568606822e1998dc0c081d2

SHA256
0966358880e22a1ba4796e27588782059afffe9a9c6b781c7d0c4a420fab21d1

SHA512
a8ce5d0c4ced7fe77cc851bfe7da78e46546018ff80c437f3ed59e753a358780f832ec878387b6f77fee0b80f1f749a84c0053e454cf591c831816fc973cfcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
de0ef904cc4cddb8b07cbfb325330484

SHA1
d430dbd16bfe6f41a44c5099a6f4c4e234816f85

SHA256
3b8bef7d6dcf1580b88f650982efa207edeb16836e2fd0e34ff7475dfa16bfd7

SHA512
eaa1e90ca5178376b2dd5c48dd90d3e08387227fff95513257771782607c6167b4ec70d62d65c1243d38c075100dc8e6dc3d66b961782e8af23269d410b87cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
baef4b22ecf24e7d44cd80b301e7409b

SHA1
13e86dd1e85ecc79082e7028e5fc7397ce928650

SHA256
fd48ab722a366eeb3cc4dde3732772949eac57980d92faaa9fcfdfd67d9a9382

SHA512
046096525f140fbd2dc9177ca2661e0f4646c8bce6c6d9fc885c75123ab24a69af7c51148a4331eae72e4d909d59e9513978dffd17d8d48e4a80bd0c6ae36fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d42e202f229a0f2612a85f03497d770

SHA1
9d532f3e57edf1c5d70d764076305d783b625aa2

SHA256
39ba694218a72af45f4d33d322f1861be440faedcf8c75e56243dc1526869593

SHA512
ebec20b19dba6e2d062177de109f46f59e66224c9527aab3b66199d29ef991b6b5eecce780caf878577cb0fc496fbf20d1b9812508659814743f3e4b75c8f574

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6f8a68af010c262ae3cd89eda3c456b2

SHA1
8ce1d1399c6930cc519468b35e3bba814bf7e026

SHA256
3733dd282563a588f3f3267698b67b5344c497b06b2a44cd6ac21e2c74c4e807

SHA512
f85519ed9545b7ed95b89e4c712797de1163499a21f06bf462756b8685e30b6871959d663401ff6854e3ab019050781a6c6235f5539e29263bd6ae4540db291f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5bae3e79dfdfa985437c5f07f2674069

SHA1
e30c158fed3dff2bfa88d4628113cbf14f11915c

SHA256
6e1829acfb917e2cd0722090134d1fb430b8930d927fe4f028a1ff20dc22c80b

SHA512
9f1fb2c02965e2d2e74c01acffe07879f63075e664f0210b048304eb54eb11aa9a6ea5fbc6c449b5b22cb6c8809dd8ee0abc1f45dbc04c9abc9226531f3aa49c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b74681ac472612d0e988fd905e18e8cd

SHA1
a86b8141d3833079d7f147be5043e2531c64e5fc

SHA256
9de46d7698bd6fba3cdd23c4ccc85864b53819eb29461aec74898a05069a1463

SHA512
c20737da324f47b2a1687ccb1c0673da5b9d67088f649c4490861137c51fa1548e68b813bdc50b22c3ba9a0dc97dab7b4c8bfe57e6c824f1faf816153996af51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
31cd8443a73e2703601c11ebc53e21d5

SHA1
fabbbabe2144969562985faccd79a15b5739d1e5

SHA256
a48548c6fa6127bb81d09596ac712a85006c3612175f055b40bad202973fa7ac

SHA512
7df4b46623378b19804a148060de991e0ed291fade74e421b19496cbeebe805a02dc01c4e238355ba2f1c8d33d0ba636828790a136be245d553f2b96d0dc01d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
e342cdd3476eab3fc4355030eb4904b5

SHA1
93ca285b1db7296bf8a60f00c288783038c4e340

SHA256
ef993ae5cccd94b343e496aeb619c75fdd5f21eb934764ada8a881b2e7853e1e

SHA512
d2c7eacf2427130e23488ae885f7ab9e09c93d8ecd63c190cacb08203687ebc3fcb62ecd13ffb77ac7af2c1127890b35991baba1d1afcc64648b52a18794cebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
098fae73e9993bd1902b628052b1ede2

SHA1
aae79cfbabd6369185cab290a739dce04d199bdf

SHA256
9cda765a600864ce35da7ec1d7d0a92421ad7f64ada51452f9a5ec94ed077caf

SHA512
952063777278f84c52680e1322cfe960465353b1cb106b2152048b612b92fc57f17e4f4212def3ced1a283248fffef1e0a0ed64fd26c9d6905add01840d74c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
74331ab10431380af3519301221e7bdd

SHA1
f09171772b1452840aeb086507a7486736fcd3df

SHA256
d56e3f4cd15f03f7231d6f1f392c61ae52e6d999e0221067640e5278d38e83b6

SHA512
548711b776c93992bd2633453fcb73c02d95565a4cb13306c5857cec227a8975b20668fe28e65e821418499c33812ede715cbbf6208e3e9a5ab75a06f5234965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe579124.TMP

Filesize
93KB

MD5
dd25dfdb446d6f0043166d183468a9da

SHA1
eee28c6b6df25aae284dcb62f2e7f4f7b194e03f

SHA256
f66771d4c5c032ab59b3423c7a595f449e9978bf8f4a974a65d83cd1432200e0

SHA512
efd6b3b42ab92b52992a6f19c768e410fb4815d239a30c0124135d7c0fd05716248e0c8733bc6c16d19848424a51cd824a84d1469516374a3d1dc9e1bbb03d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6FGHNCOX\PCClientBootstrapper[1].json

Filesize
3KB

MD5
c931b2150e9f7d8be0f6500775d06198

SHA1
ba7f5792c7e5a277986dff387004f84d0b1d6d9f

SHA256
f15759d11451c193095cf20acdd46872b30d77ae978f1e7a009a9ef7b4df9861

SHA512
3b266b567eacfe402837dbd2807dc90d9253d3d225bf915638c9f2602a7b60b3a65cdcac2cb06d3bb4be882c991eeb0be109b16ee10b27784b8b1ecc170dc140

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
42fcd3d0e49864500ac6073e7b707de6

SHA1
d6f4b225dbd68d3729b0ea086e95f502aae2ef71

SHA256
4ecffe7e26029ad210d6fcddd2682902aa0d82232f80fd165e35a23e9ddca493

SHA512
73e9bf81cade019253262ac9e1cc156e1a76a05d7f9327b6a95fff2a5eecbf7cdeec471303fcf3979214335a8ec4d3b38da96c8676d361e133d6dde65e03dcf0

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
42fcd3d0e49864500ac6073e7b707de6

SHA1
d6f4b225dbd68d3729b0ea086e95f502aae2ef71

SHA256
4ecffe7e26029ad210d6fcddd2682902aa0d82232f80fd165e35a23e9ddca493

SHA512
73e9bf81cade019253262ac9e1cc156e1a76a05d7f9327b6a95fff2a5eecbf7cdeec471303fcf3979214335a8ec4d3b38da96c8676d361e133d6dde65e03dcf0

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
42fcd3d0e49864500ac6073e7b707de6

SHA1
d6f4b225dbd68d3729b0ea086e95f502aae2ef71

SHA256
4ecffe7e26029ad210d6fcddd2682902aa0d82232f80fd165e35a23e9ddca493

SHA512
73e9bf81cade019253262ac9e1cc156e1a76a05d7f9327b6a95fff2a5eecbf7cdeec471303fcf3979214335a8ec4d3b38da96c8676d361e133d6dde65e03dcf0

Download Submit
C:\Users\Admin\Downloads\RobloxPlayerLauncher.exe

Filesize
2.0MB

MD5
42fcd3d0e49864500ac6073e7b707de6

SHA1
d6f4b225dbd68d3729b0ea086e95f502aae2ef71

SHA256
4ecffe7e26029ad210d6fcddd2682902aa0d82232f80fd165e35a23e9ddca493

SHA512
73e9bf81cade019253262ac9e1cc156e1a76a05d7f9327b6a95fff2a5eecbf7cdeec471303fcf3979214335a8ec4d3b38da96c8676d361e133d6dde65e03dcf0

Download Submit