Analysis

max time kernel: 70s
max time network: 73s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/06/2024, 09:05

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://setup.roblox.com/
Resource: win10v2004-20240508-en

General

Target: https://setup.roblox.com/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                        Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                      chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623111558267136"  chrome.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
4844  chrome.exe
4844  chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 26 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://setup.roblox.com/
  PID: 4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4156,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:1
  PID: 336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4160,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:1
  PID: 2644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4344,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1
  PID: 508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
  PID: 1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5480,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:8
  PID: 996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5920,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:1
  PID: 4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6080,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1
  PID: 232

C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  PID: 4844
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84308ab58,0x7ff84308ab68,0x7ff84308ab78
      PID: 3680

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:2
      PID: 2572

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 3588

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 4888

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5124

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5144

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4268 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5392

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5472

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5488

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4120 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5728

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4472 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5804

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 6012

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3040 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 6068

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4260 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 6136

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4556 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5372

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4100 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5740

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4316 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5896

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5400

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5408

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4508 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 6008

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3320 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5232

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3096 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 6064

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3132 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5792

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 5816

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4992 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5668

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5064 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:8
      PID: 3580

    C:\Program Files\Google\Chrome\Application\chrome.exe
      Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5320 --field-trial-handle=1948,i,2029039391669581751,6229217330538225264,131072 /prefetch:1
      PID: 5564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
  PID: 5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6452,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:8
  PID: 2960

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x444 0x4a8
  PID: 3400
Network
MITRE ATT&CK Enterprise v15
Downloads