Analysis

max time kernel: 145s
max time network: 144s
platform: windows10-1703_x64
resource: win10-20240221-en
resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
submitted: 26-02-2024 14:57

Behavioral task: behavioral1
Sample: Roblox.exe
Resource: win10-20240221-en

General

Target: Roblox.exe
Size: 26KB
MD5: 32056ac7f8fc4525a735c22df28dc993
SHA1: 1497c484e1a15898419f095f51ebfdc9dd46e71e
SHA256: 5a85ac446052f999df206c70f515188b170eea21dcf8cdbbdaa90c61469470b9
SHA512: 38a0ca14d03479bbb6beca4bf6afe4a7e56b8f7399edef291a86f3c71956a96a2f414f254b761de00cce0f96b418bc03fed00da94a82e573c43b252caa8c79ec
SSDEEP: 384:5LW4i/W/7mgEp87wYK2GePqZhbM2AQk93vmhm7UMKmIEecKdbXTzm9bVhcaE6SrZ:Jq/sqoHT2A/vMHTi9bD
Malware Config
Signatures

Drops startup file (1 IoCs)
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk | Roblox.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe

Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133534330887385214" | chrome.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
3776 | chrome.exe
3776 | chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
pid | Process
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: SeShutdownPrivilege | 3776 | chrome.exe
Token: SeCreatePagefilePrivilege | 3776 | chrome.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe
Token: SeIncBasePriorityPrivilege | 4336 | Roblox.exe
Token: 33 | 4336 | Roblox.exe

Suspicious use of FindShellTrayWindow (30 IoCs)
pid | Process
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe
3776 | chrome.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3776 wrote to memory of 3612 | 3776 | chrome.exe | 75
PID 3776 wrote to memory of 3612 | 3776 | chrome.exe | 75
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 2176 | 3776 | chrome.exe | 79
PID 3776 wrote to memory of 4580 | 3776 | chrome.exe | 77
PID 3776 wrote to memory of 4580 | 3776 | chrome.exe | 77
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
PID 3776 wrote to memory of 4696 | 3776 | chrome.exe | 78
Processes

C:\Users\Admin\AppData\Local\Temp\Roblox.exe
  "C:\Users\Admin\AppData\Local\Temp\Roblox.exe"
  PID: 4336
  - Drops startup file
  - Suspicious use of AdjustPrivilegeToken

C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 3776
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb16139758,0x7ffb16139768,0x7ffb16139778
      PID: 3612

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 4580

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 4696

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:2
      PID: 2176

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 4332

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 4508

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 2140

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 3924

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 3300

    C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
      PID: 2372

        C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff65f847688,0x7ff65f847698,0x7ff65f8476a8
          PID: 3524

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5156 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 3092

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4544 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 1840

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5132 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 2024

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 4112

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4444 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 2780

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5780 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 3904

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4488 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 2040

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5848 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 5000

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4372 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 4348

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7004 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 5628

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7148 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 5720

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6532 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 5876

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6864 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 5936

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7432 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 5980

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7580 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:1
      PID: 6028

    C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7012 --field-trial-handle=1840,i,6547040950326856017,455761788961193576,131072 /prefetch:8
      PID: 5300

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
  PID: 2740
Network
MITRE ATT&CK Enterprise v15
Downloads