Analysis
- max time kernel: 99s
- max time network: 106s
- platform: windows10-1703_x64
- resource: win10-20240611-en
- resource tags: arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 31-07-2024 14:04
- Static task: static1
- URLScan task: urlscan1
General
Malware Config
Extracted
- Family: darkcomet
- Botnet/campaign ID: Guest16
- C2: 127.0.0.1:1604
- Mutex: DC_MUTEX-R32X9VM
- Attributes:
  - gencode: PikspdhE6bqJ
  - install: false
  - offline_keylogger: true
  - persistence: false
Signatures
- Executes dropped EXE (2 IoCs)
  Processes: Roblox Robux Generator v.10.exe (PID 212), ROBLOX PLACE HEAVENCAFE.EXE (PID 3008)
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes: Roblox Robux Generator v.10.exe, ROBLOX PLACE HEAVENCAFE.EXE
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Roblox Robux Generator v.10.exe)
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (ROBLOX PLACE HEAVENCAFE.EXE)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  - Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (chrome.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133669083250864060" (chrome.exe)
- Modifies registry class (2 IoCs)
  Processes: OpenWith.exe, Roblox Robux Generator v.10.exe
  - Key created: \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings (OpenWith.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings (Roblox Robux Generator v.10.exe)
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe (PID 4220)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  Processes: chrome.exe (PID 4220)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe (PID 4220), 7zG.exe (PID 5012)
- Suspicious use of FindShellTrayWindow (39 IoCs)
  Processes: chrome.exe (PID 4220), 7zG.exe (PID 5012)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe (PID 4220)
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: OpenWith.exe (PID 1304), Roblox Robux Generator v.10.exe (PID 212)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe (PID 4220)
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4220)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/?4rpsfewd5iapwvs
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2016)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9177a9758,0x7ff9177a9768,0x7ff9177a9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3524)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2172)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4328)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3520)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3856)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2772)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2784)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5724 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3668)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4064)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4684 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4176)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4796 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4136)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5568 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4232)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5924 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1620)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5944 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2320)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7204 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1076)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4888)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4184)
    Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 --field-trial-handle=1600,i,13815575399205314936,6563923754031860620,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2804)
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
- C:\Windows\System32\rundll32.exe (PID 5092)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Program Files\7-Zip\7zG.exe (PID 5012)
  Command line: "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Roblox Robux Generator v.10\" -spe -an -ai#7zMap12144:116:7zEvent2724
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
- C:\Users\Admin\Downloads\Roblox Robux Generator v.10\Roblox Robux Generator v.10.exe (PID 212)
  Command line: "C:\Users\Admin\Downloads\Roblox Robux Generator v.10\Roblox Robux Generator v.10.exe"
  Signatures:
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  Child processes:
  - C:\Users\Admin\AppData\Local\Temp\ROBLOX PLACE HEAVENCAFE.EXE (PID 3008)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ROBLOX PLACE HEAVENCAFE.EXE"
    Signatures:
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
- C:\Windows\system32\OpenWith.exe (PID 1304)
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  Signatures:
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads