hxxps://filedm[.]com/download[.]php?id=8jA2z

Analysis

max time kernel
176s
max time network
194s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
29/10/2023, 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filedm.com/download.php?id=8jA2z

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4536	Roblox Evon Exploit V4 UWP_54212734.exe
4764	Roblox Evon Exploit V4 UWP_54212734.exe
4552	Roblox Evon Exploit V4 UWP_54212734.exe
2136	Roblox Evon Exploit V4 UWP_54212734.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133430156048486002"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
3976	chrome.exe
3976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe
Token: SeShutdownPrivilege	4456	chrome.exe
Token: SeCreatePagefilePrivilege	4456	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe
4456	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4552	Roblox Evon Exploit V4 UWP_54212734.exe
2136	Roblox Evon Exploit V4 UWP_54212734.exe
4536	Roblox Evon Exploit V4 UWP_54212734.exe
4764	Roblox Evon Exploit V4 UWP_54212734.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4528	4456	chrome.exe	71
PID 4456 wrote to memory of 4528	4456	chrome.exe	71
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4988	4456	chrome.exe	73
PID 4456 wrote to memory of 4980	4456	chrome.exe	74
PID 4456 wrote to memory of 4980	4456	chrome.exe	74
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75
PID 4456 wrote to memory of 3820	4456	chrome.exe	75

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filedm.com/download.php?id=8jA2z
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8ae089758,0x7ff8ae089768,0x7ff8ae089778
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:2
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2028 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2864 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4644 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4296 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4972 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4764 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4804 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4656 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3648 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4460 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5192 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3140 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5260 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=688 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2968 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:192
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1732,i,8861773783903374963,1219800179155991889,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4536
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2136
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4552

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
42b87afae3c8d9263de6915b8fb6d894

SHA1
82a4c07e361b75a11133fee38bf54f313c58b93e

SHA256
76b5af9e86fd345ff35ff9e7624f0b6e427caea39b73636794af48fb0e6c1b53

SHA512
a372d2e08dd7a595ba7ab0dfcb4e1f6d52778f137bc83c3cf8d549a666fd91639563bdc0c0fd82942cdc18e123491a94f6d1f4ef7cbd480c96d6c91d29577dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
a29ae2eefe98f9e49997e8aa0bd64280

SHA1
94d50407aee6820b924a545e6feec7bc10bc82a7

SHA256
4f4aaec4d67f06e121c8298b586d45a05ca8d778fdc86871d771cad286454fa5

SHA512
1237e56b238e3be604907c825ee1d11bb93f565bf16ca90b6c56185805c8bca170a793a5da9dfb2f38d94b055a973419398a44661f5a4ce5853efa8061c09cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fdb2e98d8688d09b03ee420a305c098c

SHA1
21e49860f1ad59d1f4aeef2eb723b971cd007cb3

SHA256
ba31654135ec6cc7045915ce5e3a20209ce3dcd9560231c35b0a8a60114d5308

SHA512
52e9e492a3dd054c8ffa6d69678f2212595803e9acf7d75efdda2df6cff34ec16cb42f797481b9fb22c87a1867d8138a2784eb6273275b16283b2d246abb48a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
031b75c13e5b3348502bcb80efbfbd1d

SHA1
33f129983f506754db74ce2153daafd50f1b2210

SHA256
8b1d155c07141a79dee380af0fbbc91d3dfc94ff74e0d88807fd6533e45058f1

SHA512
1299b7ffa33d5ce6e6420af9a0df54fd2425275367aff6164b7285778e23e152b3815ea0f6142f16a42ba506c60f6e81bacfd8a079851fd7505394477ee222d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
c3b240872200e2e1a30c48842c55dc2e

SHA1
11f235f1d03d779445ba77cd1ccfdc866effb5ca

SHA256
262bd9757ecdd716b86a11f45e0cb34e4933675225de15ba43681f6fb1d6a812

SHA512
f076a09e4d88bd378d6a7dedf4a3a01a6f4b19609a8f08dd2427550b53893034ddc629aa931fd78bfa6b39def469777361222323d3151141f455caf9b4324423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
704B

MD5
98215e35294fd7a754f972e54d5d816b

SHA1
4e16bf0cdbf521a109cc775111324aa86ddf3c13

SHA256
e942191470baf5b6a528dc7f78e8b4127aa3d1b9037e41b79282604dbdc32347

SHA512
97c7db4bfe21d50235a194a7d1a07643cfff51e463eb3480c9a081565a909c7abcd1f2abb6ed1850f1fa1a1bd4617a83918b7040d91bdec3db6cfc303723583e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7e3bde518ea5b8cca28b8536da1a6ae

SHA1
233fb53fa939a623b546327ccbcab9ffb3edbe99

SHA256
c5cbbc17750f05dfc5487bfc758fb6c4abc411eb572a8eb875d0afc8ff728180

SHA512
c0ce75aba7d76f7dff723aa63ed8020f1f58dcd962a2c7c944eda9acc3727cc394b232ff137f7e56c5ce348df290688dde7a65e758b4027220d119735f07d916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
96c9fe707b3b871f18d148817bc17322

SHA1
c5d682a0c45ae7f681dd874d73b83bc1c93b679b

SHA256
fbce0a3807a40184c4caaa4546cc8aa7b8dcb1a96dc16449840867f73d73f48e

SHA512
5be49c0caeb6600ed6bd63a7542987ddf70c2ceee3f156dbad87fbaa3d37d3129029f13b67eff11564e7e82f6e6cd21041ea2f31b2b8e4b0e6b914960a211fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a5198955fa43c54008dc71211ef10a08

SHA1
a0958607bea1ca6b35a55c23f8428280c8e57925

SHA256
11ca2af1af7a0bf76ae1a22d8c7198e9e6291966f588ed378f8911ca661c7423

SHA512
93e48177bcdb23dda4ba0bf3f5e46a6b2ce38d66f6e10e3f33db4d86f73890c708359666883773af73d99cd620cb24827a8dc0f80889a105971af130b29bd083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
654f41d303933f04e23e30329bdb78e4

SHA1
a57c4911d7aee257ba6707f52f2d0d95b90d9a32

SHA256
5316913812665fcb2533dd133931a112c404a4b1574515e71c6210fe484a9425

SHA512
d635497fbb1cfd0b3af43c951dd705eec6dc4fdb55e3d39b36459d229806c7bc0995d5e93719fa487f9eeb3762c2693e0cc93428f62df6b53623e80fa8ce1cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8bdb0e54424f70b5ed861be15d544fcc

SHA1
f12d6c93068433c524e2855a4f3428bdb0bd25a6

SHA256
8b58c518bc56e8c82257379cd67b811c50deb7d531dccfcea8f542e77e22fa07

SHA512
f0243ebcd018b9551124df8fee00de49bb867cb9e1af338be30b9fa177ebeb0702ebe6777c96b0084af85d6272390cc9db0e55e7527ee182cc7593ce3eb255bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
22c3dac29e096dc76db1b44ab4c3c694

SHA1
2613aacba2bb7eabece114be4b74d89b1b56185f

SHA256
68bd300885f0fa6f830c7d747a2cbb247b64667d9c5461454433f3254f160029

SHA512
915cd3df6f2b26e4a3c14b0f623888f085f6401b03b6c9f1e5bfbcd31e57f6a16f7037daabc8acc9511e5c2f51c4b2118aedd04c4a645221e4f5b332b89599ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9317233bd731d056249b6a214c8570b1

SHA1
1e044d85519455a5c05ac52fa08fdadbd1191318

SHA256
eea7311c6a39871d945581f8c498d30d932f7ecc87b23fe1e12b39d3e4471e4b

SHA512
f1e932d316a29ba3316d73441a322575492efb448655601968d860fb300ad1a55ecb5d4843c5e4dca44ac39825637171ec6dea3ce2758b74822f5b349e389cb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4d0a66da87bb7cc90e060ec273bf6ebe

SHA1
9d9241ccb8c72822dcd329f69f8a6052806da6e2

SHA256
d60d71338bfe5561f56a212369b1ee392d150a949eed6d840d9d732b157a6da1

SHA512
109b99b36d45c35feaceb95203b6dad5f4e1e4d648757c67b09fe22968fe0d9a9bd15765a05f9eb8d6beddeca614c1e8e0555e882974e754d18f282d16e27b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
59691d684094e32d315335f4be2b3d25

SHA1
2f335c58e185550a5ffc528388403d14f63c94a7

SHA256
dcd0363a8dcf70c92d30babbb67cace58f375d4367fba23eb839a18856c96be5

SHA512
0d1b5be11168c4e4841e4be0503535979c1b525ac3045d1b4466d4de04e40e3d6b6874989b95dc8c3fc588dae438cfdda368d6d2fb1c1de53f1a70885e70f7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
b743303e37366a9efb261cb1fa710308

SHA1
407fa1f275fe4f9df7fb891aaef9016f92f2fdc7

SHA256
7da826915916d1c68a4c2329484fbbdca7487689a605e643593af1561e55ed94

SHA512
c9b308b627e7f190855332935cb49030a8c50c8dc8f79fe70199360d2790ddc5ef3329efed0d91521418ba3d4ce1bc274a2a8191b0a3a817c5902caed5cf4440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
a72bbbc146eae73b13b702b87b9804bc

SHA1
2868af825951dada9e7d7537e9730b662350ffa7

SHA256
991e45d77a8e5a7e9fbb05b9d94cfdc5230c52810b8c880c49dc14c3cba871db

SHA512
488add988cfb2cb0c7ff568c6eca7967beb615c1959da0c2f323cc3f29885eb45e06be56057ab24a683670fccd6c8708723233b7bb3603670a6b00b5cff08f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
bb90add8a724c946401ed7d41e77c0da

SHA1
ba71a965b779b54fff9ce86e61f2126ee3c9d131

SHA256
89892aaecd35e8549e742a7bb2dbdb7291051a19c16319af645594c805319a70

SHA512
84b4398bca3b4b02d49bcc83e9035c46094eec5cc2e8069b17435c5a41aa76033fdacae941eda6260068503b2a56947a73c72e91359c0db4fe5184e53e13701b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
d06a0a33bd55444108da46f6f947c3eb

SHA1
6abe2ed418c2c67836117e2359e708b42df68a87

SHA256
5ccd7cb054a8ee52573b3f47735765a015333496f0e86c125ef4cc81367cd7f9

SHA512
6abc29f04142b2dc29b132ff89fda264d15c373da140bc297443ecb60905ed4cad3d825475eb71a3fc098ebd29456980210659588553a651be26ae5724fe8b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
9e82057b1ac2020ea1b2209724985449

SHA1
1b0be9e1901c842bd81bea8116cdb58d0a7843ed

SHA256
30d7df7c3d4f5b5cc9d2b9c32ceef9405b45946d800e03874e43911b3c8fd9e1

SHA512
21cf2faa982bf3ecb1684973a5441c6a5d4d816f39f8ccda1c1c00476074af5723f594c9420265e804c4041f00c526c1936e5df2fe8cbc28e0fe01c0422050d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
ed58b4dc0520df9f47f12237dd7ea317

SHA1
ee6f55d034221309b8503b49331d624142ce67a5

SHA256
54843f8ae858e6d656e7848c6d318b8b7e3712e3dd6fcdab6f0c491fe9085c7c

SHA512
234583276848dadfe05313506e33fb86babb5ea036fde73d11142751510bb14080d48f06e1c2a5b8db3c3c92152879fb43c60f564565e80744b5be0ac53bc1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c20e.TMP

Filesize
98KB

MD5
f84a6251dd868c7c704bab87734e7b5f

SHA1
40e14391fbf4f1d368b0f174a4b9532dac88ac57

SHA256
f997b8420dca1c22a278cfd3d2b78bd549dc163db39eecadcdf6e7aa58e8e3aa

SHA512
7710b0317bf957d175ea8516875021ea52a32fad3a87d2b2fe1c3daeddd1fa163bf67f8a171c8e7937ad297dd6076df7e850dd156e2145c1d92a3805ad0035c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_54212734.exe

Filesize
9.5MB

MD5
dae050afc8508ae428be7e560cf02a49

SHA1
1601f3f652eec4081f988e81031b93caf80b9b5d

SHA256
83c010d7c668e4fd51f630077ffa10b7be51d373c2bb7008ed9d3f1dbaf226cf

SHA512
edbc3f651c2a1b43bfdf7c6240274db16fe7ab28e8ab7640ed066d8d82c60ac96f6c2aa729f4e8750ef38f2d1382cc20789630817f207eedcd3cf5048d9193ef

Download Submit