hxxps://full-games[.]org/wwe-2k24-download-full-pc-game/

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://full-games.org/wwe-2k24-download-full-pc-game/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3928	WWE 2K24 Setup.exe

Loads dropped DLL 3 IoCs

pid	Process
3928	WWE 2K24 Setup.exe
3928	WWE 2K24 Setup.exe
3928	WWE 2K24 Setup.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\WWE 2K24\_ci_gentee	WWE 2K24 Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133512030538644811"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{89A79C64-4E50-4ED7-9C30-0D9122B1A833}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
3928	WWE 2K24 Setup.exe
3928	WWE 2K24 Setup.exe
3928	WWE 2K24 Setup.exe
3928	WWE 2K24 Setup.exe
5012	chrome.exe
5012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe
Token: SeShutdownPrivilege	4464	chrome.exe
Token: SeCreatePagefilePrivilege	4464	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe
4464	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3928	WWE 2K24 Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 1132	4464	chrome.exe	77
PID 4464 wrote to memory of 1132	4464	chrome.exe	77
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 3548	4464	chrome.exe	86
PID 4464 wrote to memory of 2644	4464	chrome.exe	87
PID 4464 wrote to memory of 2644	4464	chrome.exe	87
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88
PID 4464 wrote to memory of 568	4464	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://full-games.org/wwe-2k24-download-full-pc-game/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7e419758,0x7ffc7e419768,0x7ffc7e419778
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:2
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4960 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1620 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5568 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2592 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Users\Admin\Downloads\WWE 2K24 Setup.exe
  "C:\Users\Admin\Downloads\WWE 2K24 Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1896,i,4694476004452160833,3698367610155760465,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5012

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ad026a84f80d2bd53811bcbee79aef61

SHA1
ef18af0e562a3be0e865f312d927732c6ffb1000

SHA256
998cc3a60592b99b11e27e39385a652dcd52e6014a885d92060a77470875a88b

SHA512
c46415bfd5bb21fcda269719dd56f8af48cf58e82dcc0540f9245a99c28e6045d0bb9379e1a929a5b64e13a6a474550a8bb9104529d303ea3143c66bdca65038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7b9b2721-096c-44b3-8917-a19e32b75d8c.tmp

Filesize
539B

MD5
438c3025132a9678beec8e6c3f91a07a

SHA1
3954022d3034ae272dc35effbb9f7ee505e18c31

SHA256
204d1ab07e3554e9421739168bb32fe3fd1a3d40059c50f65afb56b2de2d56f1

SHA512
73f8c9e6a2252be133fd3d7b130653cb8c453f498323e87c7b05e59abe91d4821701f4a4eec9b23adefd1f11e8baa807504e14e1cf42cb1fa8557e163c944c90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8bf13767e68ba8361a093a8d7053cb5

SHA1
07d056b0fcd68753b8a5a96435c6dfce154ac1a3

SHA256
5e4e17747f182e54c5bf22eb224a149d48bff1f9fcd162e5f3b68a4eeda94f20

SHA512
54019d94514ad1170cd0e83a4992145f5bfba57ffd96ef7ce469530a65c6f208d3fca20477d5ec6ba838d3e6e9f1dfdb081df75d8ac1981a15bf5c688d42d26b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
927205277389a4582cab5c6222f606c3

SHA1
3dda577354e0c6d1ea0e8112cc3785a18cd01bd1

SHA256
e188ba09b54484e2fcefccb520fed86c782b8a151a6a5ecde20f2961429d910e

SHA512
9cbe4888eabf9763ee66127ce212bcf42028d77cbc2628d858c632f1d8727f4e4193bfb568941c836d6ed89bb65197b9d32a9177190aaa3c01e4f4af6b863ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3586f4d63111d101cc43588c777dc7d3

SHA1
030f0171aeade0f4af84ebe7893eff7a75d0eaff

SHA256
8c203f2b78481ac16112ec731d18ca2e8f6a1744c7ec835a52c94a1c354b62d9

SHA512
5ccc8d081930ff791bab8716b17e321bf7a0b77bf8cb478442dfa6800292d8021fd26c092bb8024d14feaece265c57920b9d1d0866f929e618a735b2278ddf34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
d94ee15d5414281dfa1b2cf124619e8e

SHA1
cda6a4817d344ae0fa1f9bb32c9a3fdf56d7b87f

SHA256
63f11b7d4975881ccf8e826a9ed533174052fa96d46174468816e3b9fef246f3

SHA512
64aff6edf747b290e65a10f5160870b0dadc7ee09ba1c5b9d131b70478b28221110f33871227eea2e40f0435ce9a6fcaa523b607e9b584575c90e055d85fea4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f25adea2353578f8a9d112b16da63fab

SHA1
1f032c13d5e5999b0c7574c4a8b68857dddfd817

SHA256
36730fd3a40952686a1c222f70d14b97526036629ab2b897bdefbc9dc4a14e58

SHA512
b5de767775e9e5c9acd039df30be94989675e4d9f9229379726669ee32f33e651eaa6c230c84a00b8c7009adb77041c8a4b10c54445315a41502123f7420fd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b802e5d794ba344030831eee41b3807

SHA1
05adda99a5e19a4417d15c8253a9cfbb66dc587c

SHA256
4375863bc07dfa0cb89c032ac2fefdbb8c25003e1bb9f6447439fcb37f7e6863

SHA512
2f959bc4ccdb4c15a2598f65b3cf224ec6d0f67ce7cc27df645a8e26008cdb33f04e91b6c1236a1623b7c18f3630ccdf4275c52b3e1032406689d58551d7f7ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
abbf1c8d48ad9f8b17660ba152e0f976

SHA1
8de82451956d94ac77422c74d6cb653435bdb22f

SHA256
4b1d0db618ebf071599eead334cea511f1cf586dc805f11b9a1f355b3a5aa9d7

SHA512
62f544e18a5a3ea0d5398836420532f560fe333d9ed5f2b7acdbd875d8ea2f305a7c182ea654ee6ce6760a3bb5153977d55356ec0b1cdd338a90ff1b7afb6d10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578a9c.TMP

Filesize
120B

MD5
207e698f84420a50c59d44a960d888ad

SHA1
61ba9e956167c8c187fd123084765f0f70187067

SHA256
03951a5d0e5f571b4bd8b0e9c64c0fcb8aeeff0875fb62064aef4a888deca400

SHA512
56acea463e38039225d2026d33f00440b66bce55ff026b5068dc5b1cb6ee914a1f89bca2a601c1a5af734db4bdb33034f8d43e6d4a4a57c1614e1fcecd240d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ccd302021757d86c58e2842713d1c4af

SHA1
83a70de20565dd136e237d01715764c95f2eadd2

SHA256
2ae447c4619136d96dc7a7b5fd1291f6d055b36a341435280bccf043b5c2b31e

SHA512
bc47a8a5137c35960d3749e6542e899754bc7c6e79510444f0893f4294d51157ccefe7f42855cf5be2aa91d534ae56126e99b5154dcfd80613a18ec79d2a9659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
69c72c39a21944d56081c7fa45da8d0c

SHA1
ac251a992769f61bfe0e23542d0de61d5426ca09

SHA256
0afcfee9bccc2ce55874fb2ae49c7b3c8a71bce27ad0eba9b719bda2266e1811

SHA512
2fc8ba65491b82e1549365cafb662f84ca229d3216d4300e67f625e6f199fee7201354622445e59fff3acdf5b617b28f3f1ba4421a9424a1c3044ed62a955dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bafbda9b81d1dbf8b5c94b3bfafa33ad

SHA1
22e473cc853796c130d6afd4092b129e46f1f9e2

SHA256
e1d682bcf34acf9f349fccc87e4a9b0af311189844ebd0608be772de8118dd98

SHA512
0f638747d808cc4ef89761849f5bde8525d6848263e3d17322002550cafbd23fccaa6301e275c8b7a701c967245ac308be0c366d8a1100d327db4b92990f5222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a0695bdff547a39b33394cc2557eb9b6

SHA1
a4ad3448589ddcdc2b00b51ac89d66d513eb1c88

SHA256
568a86aa4b40c5db5736234ca3da3359ce5f18e06a897a3eb7ef6ca00f7c4703

SHA512
203d942eba9bb1ff601e20fc5bd0add260991a13352985e896160b1b0d2e7a223e0a36d0d76084c9c95f1b7c3c10dd902ed7fbfacf893098c37ce01deeb09eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
0fdf1de42e094c900e041ada13aac990

SHA1
9724e2c0be6ccace686bedbdca63a462c1a0f1f5

SHA256
2a0b0ed5fd5356809b45f6f79b40dea833187224adffe4286ff1d9770268b3d8

SHA512
ecfe64a4626a53b6747d68485e63eab006b9ea5af7afe711d93254f923bdec84b44de1667c73cee18dfe35cab0fa8d40cfaded4b84cf0fd0d6ab23df93239010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
0f573a1c6653ec196d05b3e487217ae4

SHA1
7b9b21b19a2787040947da77cb0bac2fb1b0d61a

SHA256
4823f129771b429d8b4a81027df40117ecadd276f3df041f77b5d034b34cc3d0

SHA512
48b6b5a6fbf91d7988d5383145fa99da079a46863859cbcba2346eb0b8a8454df944b1860f7186573f27794a21b52e5b8bbeefe61415c329b57cc63dd3bfc306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
da935f300a5bbd314a4940132d027ae5

SHA1
61d0975ca66eea3f3fa78601b087877dce027097

SHA256
f829dffbb0040903ab58b0bb367a408d81882d0b37eab582eb6c48b0a5bcf01c

SHA512
16b68c4b835a9e9e656e0feae9f4e268cbd94bb9e514d9f677419814d4fc92c8733ec1abec84648f531cfe2e1f1faeb626ccba5a4a21d5153b8b72e294839ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583757.TMP

Filesize
101KB

MD5
fb5a7bf064fcc7de0fce894411dfb3e7

SHA1
114463e18ff268e3fa6b8ea04400bdfd1e7a8c75

SHA256
6d88e7e19583682f7169290f9a59c86565b9b862fa00fc0aacb797be2d8ae033

SHA512
f43e3dd7e5a29e6158a1c6c920466ae27153708da99524cb5553827ac6f4761e0c17fbd7754e2d5f7e117bb85bc1f3d6d86de3bcb4ac399f6371ee75fc474066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\genteeB3\3default - 1.bmp

Filesize
7KB

MD5
14a455e9eef9fe7fea4de14d579a3e84

SHA1
c0265607ab41c6724ab53065ddfc22e76110b011

SHA256
b666e6bd71eff3547fb2f5580ac61c64527f6f9be6a2178fa00f80e32431460a

SHA512
8f7368818ef80c0e835de4e081315854979b427a8716f6f888985b53b59d8d6ad108ad534275404e667e7020e7b89d7014d55fe47d79a91ac1a92aefb193ca30

Download Submit
C:\Users\Admin\AppData\Local\Temp\genteeB3\guig.dll

Filesize
20KB

MD5
d3f8c0334c19198a109e44d074dac5fd

SHA1
167716989a62b25e9fcf8e20d78e390a52e12077

SHA256
005c251c21d6a5ba1c3281e7b9f3b4f684d007e0c3486b34a545bb370d8420aa

SHA512
9c890e0af5b20ce9db4284e726ec0b05b2a9f18b909fb8e595edf3348a8f0d07d5238d85446a09e72e4faa2e2875beb52742d312e5163f48df4072b982801b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\genteert.dll

Filesize
60KB

MD5
6ce814fd1ad7ae07a9e462c26b3a0f69

SHA1
15f440c2a8498a4efe2d9ba0c6268fab4fb8e0a7

SHA256
54c0da1735bb1cb02b60c321de938488345f8d1d26bf389c8cb2acad5d01b831

SHA512
e5cff6bcb063635e5193209b94a9b2f5465f1c82394f23f50bd30bf0a2b117b209f5fca5aa10a7912a94ad88711dcd490aa528a7202f09490acd96cd640a3556

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 840389.crdownload

Filesize
2.0MB

MD5
350ae04ad8c992ea9d68d03937b54187

SHA1
fbcee6b3017befe06c64492d6b2c8b5ae4236c1c

SHA256
d447d54c7a723825cfca8a8091700c9bca8d7f24204d2251ab13a6045d75ce74

SHA512
d35b0941a99685131de5fefd78048bc5ff2f46c968d269f5301dabaee6806909ad8aa4212c8bef092a5b00b80a94368ab04ebe0db48636d6c0ba650f9b49ee9e

Download Submit
C:\Users\Admin\Downloads\WWE 2K24 Setup.exe

Filesize
5.6MB

MD5
1691899fecf07ba493ff685dcf408dd5

SHA1
cb03cdcd7f1ceb81b1600dcfc5841697f6618e8f

SHA256
8ea1e13decb98badecb169a0d17f772b12540a9d4c15d9203cbf50a2b1e5bcfc

SHA512
95460093e0e618befbcc844435f42a33b05c8e66da5c7519a088d5429291134e01622cb896c134c2ce4bd2e773044f050771d9ebd0c1d45fb3c1e8a041405bcc

Download Submit
memory/3928-294-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/3928-303-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/3928-296-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/3928-295-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/3928-348-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download