hxxps://cdburnerxp[.]se/

Analysis

max time kernel
54s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-08-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdburnerxp.se/

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
5740	cdbxp_setup_4.5.8.7128_x64_minimal.exe
3120	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
6004	cdbxpp.exe

Loads dropped DLL 15 IoCs

pid	Process
4484	regsvr32.exe
4484	regsvr32.exe
4484	regsvr32.exe
3700	regsvr32.exe
3700	regsvr32.exe
3700	regsvr32.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe
6004	cdbxpp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	cdbxpp.exe
File opened (read-only)	\??\N:	cdbxpp.exe
File opened (read-only)	\??\O:	cdbxpp.exe
File opened (read-only)	\??\G:	cdbxpp.exe
File opened (read-only)	\??\H:	cdbxpp.exe
File opened (read-only)	\??\R:	cdbxpp.exe
File opened (read-only)	\??\V:	cdbxpp.exe
File opened (read-only)	\??\W:	cdbxpp.exe
File opened (read-only)	\??\Y:	cdbxpp.exe
File opened (read-only)	\??\J:	cdbxpp.exe
File opened (read-only)	\??\L:	cdbxpp.exe
File opened (read-only)	\??\K:	cdbxpp.exe
File opened (read-only)	\??\P:	cdbxpp.exe
File opened (read-only)	\??\S:	cdbxpp.exe
File opened (read-only)	\??\T:	cdbxpp.exe
File opened (read-only)	\??\U:	cdbxpp.exe
File opened (read-only)	\??\X:	cdbxpp.exe
File opened (read-only)	\??\E:	cdbxpp.exe
File opened (read-only)	\??\I:	cdbxpp.exe
File opened (read-only)	\??\Q:	cdbxpp.exe
File opened (read-only)	\??\Z:	cdbxpp.exe
File opened (read-only)	\??\A:	cdbxpp.exe
File opened (read-only)	\??\B:	cdbxpp.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\allocatecdroms = "0"	cdbxp_setup_4.5.8.7128_x64_minimal.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CDBurnerXP\bg-BG\is-26S91.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\fi-FI\is-MD2P4.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-A1S1M.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\Resources\is-N2DCM.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\Resources\is-F0PT2.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-8PV1I.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-568DT.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-2KCRD.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\de-DE\is-P19B8.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\nb-NO\is-53BE5.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\sr-Cyrl-CS\is-GH6HD.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-27VFK.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-2COAL.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-H242P.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-H2K7R.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\ar-JO\is-QSKKA.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\ja-JP\is-BLUPV.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File opened for modification	C:\Program Files\CDBurnerXP\unins000.dat	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-BAUF2.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-I2HO1.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\hr-HR\is-J337K.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-RMKS9.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\ca\is-7CB6P.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\hu-HU\is-SA244.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\lt-LT\is-OGDKE.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\nl-NL\is-PJ7JM.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-LT30F.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-OPU95.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-OA7PE.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\sv-SE\is-VQA4L.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\ka-GE\is-3K62Q.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\ko-KR\is-20USI.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-8CKRU.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-I0DHS.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\da-DK\is-PHMMR.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\sk-SK\is-4FTVK.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-EE320.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-VIHIN.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\es-MX\is-RSNCQ.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\pt-BR\is-MS97F.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\uk-UA\is-6FR5H.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-UO2D5.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-2GNQQ.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-4V35Q.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\sl-SI\is-4JTNT.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-C3QHH.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\es-ES\is-92U0U.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\he-IL\is-J4PC6.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\el-GR\is-K6DPQ.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\lv-LV\is-GC1PL.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\pl-PL\is-14G9L.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\tr-TR\is-2AA1P.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\zh-CHS\is-PHGJK.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-70H7E.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-2LSK5.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-1G9UD.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\gl\is-68D6N.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\id-ID\is-EL8IR.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-C6743.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\unins000.dat	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-RR9BK.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\cs-CZ\is-719AQ.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\sr-Latn-CS\is-ROCPH.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
File created	C:\Program Files\CDBurnerXP\is-2LU2J.tmp	cdbxp_setup_4.5.8.7128_x64_minimal.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cdbxp_setup_4.5.8.7128_x64_minimal.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cdbxp_setup_4.5.8.7128_x64_minimal.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685509264776128"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0EEE430-80D8-42D7-8D83-F046AECD7536}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{102C6E30-5702-48C1-A492-A3F3EFB1958C}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB79517E-28C4-4224-914D-3C62760EF839}\TypeLib\Version = "f.7"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A17148AF-9A6A-43D9-BFDE-BDB646D52AD7}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B18F879A-A925-4F25-9520-46B1CC6FAA69}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDBurnerXPAudio\shell\open\command	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{AE860CE7-C15E-4B9C-BA5B-2EB38369E4AF}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4B9FAB2D-BFD6-41AB-AC98-C9A3F0960277}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E9C4C3A7-40C6-4B57-859E-C948D9B415D1}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7D20766D-2712-4049-9F9A-9131116DE218}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}\TypeLib\ = "{93CBA48A-1C58-4648-B22D-8F3588CB8D95}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.DataBurner\CurVer\ = "StarBurnX.DataBurner.15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C773CF25-3487-484A-A839-29606137F191}\InprocServer32\ = "C:\\Program Files\\CDBurnerXP\\StarBurnX15.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{16741A21-280D-481A-BC57-F05E82C2A0F9}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B18F879A-A925-4F25-9520-46B1CC6FAA69}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5C7AED05-A231-4ef8-92B9-1172BE5BE54A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CDBurnerXPAudio\DefaultIcon	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B18F879A-A925-4F25-9520-46B1CC6FAA69}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A7FED2D-C4DB-4A40-B1EA-4B8301CA3242}\ = "IStarBurnX"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B18F879A-A925-4F25-9520-46B1CC6FAA69}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.AudioBurner.15	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B756C224-A1EA-44F8-95C1-9F726040C800}\ProgID\ = "StarBurnX.StarBurnX.15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9CAACAB0-6D9B-476C-88CE-5359DEC7CFBD}\ = "ISessions"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{5C7AED05-A231-4ef8-92B9-1172BE5BE54A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.DiscEraser.15\ = "DiscEraser Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64EE89E4-01AD-4865-8B40-E80CDDF2783B}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A7FED2D-C4DB-4A40-B1EA-4B8301CA3242}\TypeLib\ = "{93CBA48A-1C58-4648-B22D-8F3588CB8D95}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{22C5EA0E-2048-4695-9AA8-E98317A761E0}\TypeLib\Version = "f.7"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B49F136-B054-431A-BEA5-025271874B33}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}\Version\ = "15.7"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28DF9B49-991B-431C-ACA5-0FF4FADFF15F}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C3CBD658-4406-43D0-ACE3-EFC01AEDF63F}\ = "DataFolder Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.UDFDataBurner	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{93CBA48A-1C58-4648-B22D-8F3588CB8D95}\f.7\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{64EE89E4-01AD-4865-8B40-E80CDDF2783B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.DiscEraser\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{176FF4B4-BACF-49C6-896E-68390D429FA1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.Drive\ = "Drive Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}\Version\ = "15.7"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.Tracks\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{176FF4B4-BACF-49C6-896E-68390D429FA1}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3ED55C2-4DE3-4B5C-8AFE-AC4761BB14FA}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{713E6E1D-CA5A-4F39-AE45-9E38B6230523}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A17148AF-9A6A-43D9-BFDE-BDB646D52AD7}\TypeLib\ = "{93CBA48A-1C58-4648-B22D-8F3588CB8D95}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{176FF4B4-BACF-49C6-896E-68390D429FA1}\InprocServer32\ = "C:\\Program Files\\CDBurnerXP\\StarBurnX15.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BB79517E-28C4-4224-914D-3C62760EF839}\ = "IGrabber"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{68E2A88C-EB6B-42BE-8979-9789B573CD1C}\VersionIndependentProgID\ = "StarBurnX.UDFDataBurner"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{80E026F0-CE90-4F15-986A-45317268AB5A}\ProgID\ = "StarBurnX.Session.15"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{176FF4B4-BACF-49C6-896E-68390D429FA1}\InprocServer32\ThreadingModel = "Free"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1CF4FD09-305C-4FD3-890C-4489B9214843}\TypeLib\Version = "f.7"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{29664C05-B3E6-4B57-8F7D-ABB6852C2970}\ = "IDataFile"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A17148AF-9A6A-43D9-BFDE-BDB646D52AD7}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{87027BAD-8E8F-4409-914F-DBE0BEAB1DAD}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.Track\CLSID\ = "{F750BC9F-72CE-45C6-9D1F-BFEFB0765918}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\StarBurnX.DiscEraser.15\CLSID\ = "{176FF4B4-BACF-49C6-896E-68390D429FA1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0EEE430-80D8-42D7-8D83-F046AECD7536}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{16741A21-280D-481A-BC57-F05E82C2A0F9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D73DD88D-0428-47D2-9D60-79619E42F5B2}\ = "IBootImage"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0EEE430-80D8-42D7-8D83-F046AECD7536}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1E5E3435-8F73-417E-A57D-293A0A3AFC94}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4019D36C-8251-4C2E-A287-CFAF19C2B548}\VersionIndependentProgID\ = "StarBurnX.VideoCdBurner"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4B9FAB2D-BFD6-41AB-AC98-C9A3F0960277}\InprocServer32\ = "C:\\Program Files\\CDBurnerXP\\StarBurnX15.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0EEE430-80D8-42D7-8D83-F046AECD7536}\Version	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4EE12AA6-A781-490F-96DA-783969C58A1A}\Programmable	regsvr32.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5124	Reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious use of AdjustPrivilegeToken 61 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeShutdownPrivilege	3420	chrome.exe
Token: SeCreatePagefilePrivilege	3420	chrome.exe
Token: SeDebugPrivilege	6004	cdbxpp.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3120	cdbxp_setup_4.5.8.7128_x64_minimal.tmp
6004	cdbxpp.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe
3420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 1084	3420	chrome.exe	81
PID 3420 wrote to memory of 1084	3420	chrome.exe	81
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 1560	3420	chrome.exe	83
PID 3420 wrote to memory of 444	3420	chrome.exe	84
PID 3420 wrote to memory of 444	3420	chrome.exe	84
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85
PID 3420 wrote to memory of 4648	3420	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdburnerxp.se/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff819f7cc40,0x7ff819f7cc4c,0x7ff819f7cc58
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2352 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4776,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3324,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4932,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5100,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5076,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5576,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5592,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5868,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5880,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5892,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5796,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6040,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6180,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6308,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6444,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6880,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7024,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7208,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7216,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6476,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7500,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7608,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7220,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7916,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8060,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8044,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8200,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8472,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8612,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8636 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8760,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8912,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8780 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9052,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6736,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5988,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7332,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9092 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9048,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9096 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5968,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8444,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8264 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8420,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8404,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8432,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=9040,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=8940,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8992,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9264 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6420,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=5784,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5812,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6824,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9404 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9436,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9356,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9732,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9460,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9824,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=5476,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=9864,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8132,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6008,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8124,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9256,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=7948,i,3981779863214140859,7922717687215329969,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1232

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5800

C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe
"C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5740
- C:\Users\Admin\AppData\Local\Temp\is-HSPV1.tmp\cdbxp_setup_4.5.8.7128_x64_minimal.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-HSPV1.tmp\cdbxp_setup_4.5.8.7128_x64_minimal.tmp" /SL5="$60226,4819669,504320,C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe"
  2⤵
  - Executes dropped EXE
  - Modifies WinLogon
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  PID:3120
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\CDBurnerXP\StarBurnX15.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:4484
- - C:\Windows\system32\Reg.exe
    "Reg.exe" Copy HKCU\SOFTWARE\CDBurnerXP "HKCU\SOFTWARE\Canneverbe Limited\CDBurnerXP" /s /f
    3⤵
    PID:2396
- - C:\Windows\system32\Reg.exe
    "Reg.exe" Delete HKCU\SOFTWARE\CDBurnerXP /f
    3⤵
    - Modifies registry key
    PID:5124
- - C:\Windows\system32\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\CDBurnerXP\StarBurnX15.dll"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:3700
- - C:\Program Files\CDBurnerXP\cdbxpp.exe
    "C:\Program Files\CDBurnerXP\cdbxpp.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:6004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\CDBurnerXP\cdbxpp.exe

Filesize
1.7MB

MD5
24603158a035ac81be8cca81922bff64

SHA1
76d3a446755f57d48112df40f206b515e6348625

SHA256
35953582429c759f3f0ed31bcd07220f13416887d513de790b04fa420fc6b317

SHA512
3ea02d9d133a8e7cf8752128d728740889c9c7c346cf379fa16af5c0b51f378cb2dc8c2c5f3cb3530306074dc75413402945e65a1e73acbb8066ec71a49a2db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d8597da36a8c37e95c6844fd39c24491

SHA1
a2d32ace9ef0fa6b9d8d4a4e2fd20238b69b8c36

SHA256
b538f7cae61ab3477b1e670b9d0a21df606721fcb504e003b4cc7b11d1f540fe

SHA512
6b822c96be54f1e24cf782d62e919913ee113152ef0b2097ea939746bc04655a62fc8e4c6e63a83ca36039ae5a84f448dbb24787dbca6338b834b9e448a3ac58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
78KB

MD5
2c6c864703c79c8ff80ef15e2df7c20f

SHA1
c39c3526cd7612b799714f9c5340e7a34102ba75

SHA256
89dcb01b0f880c626541ace68a93cb7849520cdbd860d9fb5133639119e924b1

SHA512
881a8242559010198728dc12474e2eb9427f297fa80a623c5e2b24afd1d9c23d57fc84ffc00378d8237ae6dc5611065cb8c49dc0ca251b47ef4ebe88d895289e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
252KB

MD5
6152d4161ee026dcc6220f284642031f

SHA1
23ba519f71b07274ec536c46d2c0872a728abc81

SHA256
a131e66bd0da2d1e936f633b066ed5ad26c3c1bdfd659e6072a2638070e53d65

SHA512
28c43e558d54cf9527c3cd1b10e720d39417edbf46f2fb7325efb89895bf8952b5e73b7a18c5526a75fe046b351dc9d9face01c7a72b3efbac40fca801720c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a42bc0273ae18d22_0

Filesize
235B

MD5
8ecd27c001bb2c256717a639fe011164

SHA1
0223506b0f2e87e14b662a72eeeb31b5ddde0b0b

SHA256
68e4cac5bd1f78796707e3581da01b8e32b57e61df7f3fa76a3ccc252ab63b4e

SHA512
d6eba8ab3f2323400f684c7472ef5c96b28d78c9429a23bde5c8776e5417a1326ed802be750b518ee2ce6059519b42d4dad480af93ef8855c2e2dbf5789bc6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eaa55c6b5af9f4fabac76d8c84e5af16

SHA1
745e4799d51493cf9fe27bc7a1e56b97587d56b2

SHA256
78a8315377c07a2600f0556e34bec8758091e3ea6ef75e4a67ba1c310fc8b5a7

SHA512
57496d44c26fab06867cbdfd178057d861eb387793dc66ec37285f064ca245b073c5b8885e15f8bf5d95a9270566a393077292a12fd5ee8d8e5016f750b70e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
bc30f5ea3cba3152f484899e80ba7997

SHA1
1011c561cdc431a01910f2358fbfb115c7511832

SHA256
fdcd9a27c9174e3e79eec45127c38f00d77e8a5833cbeeeac0de9bd52c347814

SHA512
bdfd17203331f991261f3d211761a32d356bb121bfcdfc92abd97f184f93037806b49cb353a10bb203f82b589c99d05836c25cb494a710ca5f5fb55921802ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
30a2e385c8ca28f39ce7588e29970f79

SHA1
87b8b231c6f0c6776cd7cb0199860221d6243188

SHA256
86869165dac759479cf764e42475bd5ed37866bfc17f651027e349f329b6439e

SHA512
eaa9001be4a330429267b44cae8a5a6d38999428844a2c857f948b6a3675f32c1d105cee9200d1adbc0341b407c445cd1cb68fa137175583e55e340e4a7b3c28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f1758a4575d743af53dbdfb272fb09e4

SHA1
39dc79fd5d61508ad4c508125b924caaaa8a2f34

SHA256
ab3d4fe8809295b43f17bfc2e17f2415e093c4c35c05a2491e80a22b927ed749

SHA512
8d4e81c1f28098eeb3a254fdb4ddbeaa28641e1f9574dd2dbc6e806f10970d22da9483f328fcc56c117b0ced633c9e2b08fd643e216633c238fc8e961757033c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
606f4c00f32cf012a152c17db3aa4db6

SHA1
e8964c98661ee70825acad1726510b7a560a7db4

SHA256
e285007047f38b893f54ad7f4caf9803f4d52e230ac14f5e41e6b7af85e14b17

SHA512
3b8f60163f1d0d3d45adc95b2d36e4110d8d1ddc21c83873ffe6711c28656849b0da3d05ba42fc2d65ef9b940968e39137b41027871467b5af102532e15a9625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
b15bb68f17cd73d9f8944f8ca4075666

SHA1
297b7ba903b36bf47d939b4a41e4dc25d4597071

SHA256
4d367cd12d572a387de36ee1178680b13a4242c27894074c75f90e0a99f0350c

SHA512
6eecb31ceee4d8d5765b9da5d666dea76ec8e6efd1fe3a3bab050e83b740f7880a2904edaf4c77030834cd6e45bca34e44ede183cc528c62e93ffec93f24e879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aa8866e285cf8046cf17fcf08b4e8a0

SHA1
99c932a7acd7c753049dbd19e382ceb29511bbab

SHA256
6ad3e5ea1657ab901565ce494b8c5abebb959540a6bddd2813b1ea1e4b792597

SHA512
8597967c773f721d9ffa35356af31fadfb50642194ee366c4a16588b219d14eeb331719cbe7cb5d9b3319f5bce19ffa1358b297945acfbf685d3aa81d88660e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a5208ee3d493f32ddfd03c760560601

SHA1
7b9e7b506f6883ffb3d7e7926459e99fdc83218c

SHA256
8910967155630eebd3b51649c6de7d14f49ebf44475e6b612aafc919854899cb

SHA512
9b2a9a34641b4ab380f4b81b1ed5944963f37644bd113864218ec877462b2bfbb18faf6a77554923ebd37fa0faae037f19d30aac38187eb5a15f43a11a1a6b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b95a331253f234f6a117ae4827328ef9

SHA1
2702166c37296d93d175a2de70d9fda325e8a4b8

SHA256
6efdf4e33bbcb448c51239333256f8246945a3836ba5fa574fa5c97307263732

SHA512
6ec83522132a9c015a185a254a12a3ca510538b5fbd277408851cc6edddc14366d037e9ea58f2bf1d763c36bb9c5fd054edd0e0d4885f6a570e1f84dfed38622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
594f2153fe7bf953aceaeddf4421eb73

SHA1
2513e79cdf076c15d0fa888a6c3be6c4702f5a66

SHA256
27afa2d9c3216d7db7af138bc901714eedb87740c08ef18c5e2b2d58c538b061

SHA512
7e6910769653812fd4ad51ef7dbcda3e93df459dc0a2e177522b0cd0dd427f8a1b52a69c4a107f2731696695300497e6c0773609dbfcfc0dbc1e5ae441a36c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f3762d29018cc5dd368e23659fbabc05

SHA1
e6284a4bf4144480dceb380320d0d3d8c6303f79

SHA256
cec94b3f496f6bcc3f29e8c7cc36cdb22371799dc387e7eab74e29d0fefc74c4

SHA512
fa47f9252f0d52ef7440e2c837299f4cbb80d2249cf64ad1e17b0eecd17014f195bbf19bca41c7a5eb8e7cb2cc5cb5bff88dbf08e58cd3086784ad147c430eca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
3KB

MD5
a198fc71f1344a7bf206e07abf4e3a79

SHA1
9bf297fa7fda76174d3753d1fa672a1f2c6675e1

SHA256
ec33ea4278aa33a89c42526fbb78ddb3b851e0135bae08ba9c1d0493b71c8ec3

SHA512
7d58f276d8ef6a9356ed22a2fde628022b12308003e68d521d594c27669cb814afaddc929e2faae99e6def574a4c544ae3a085ec271beeddbbb83d9cf66aeb0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
6KB

MD5
8e7e15b3d9ef89db25feb992b5030d42

SHA1
7fdfceb8837c7814cd8782478d4c9c6a0a03dd6d

SHA256
823cf2563326e209f7bfa06665d11e57795d423e7397e09e2753975aba3c4cde

SHA512
59ef5f0fc07de824be8decbe7bf2fbd7f69f757440ef3b658a28c2fc98007ae809be249e3b21e5ab465686b4d5a387c531a4303c4527ce8b27e8f715f279cfbb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
9KB

MD5
fc6426e2d9d2f664675610a2a6e92835

SHA1
c5f3de471e97ceebecce37ba9798a6744f096078

SHA256
333bd7c015319d434131dcf713e352828595c90e835a84a008442d6524b2ef4c

SHA512
fd62579b487d28b2b1fdce5da5660669b0e854e9be1b746bf5495a925087ea92b3e3342689fd529df94a9c86406185dd96a83893711a279faee7612948ca65d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
1KB

MD5
ec482d8aa73f2823d8197e4dce337b52

SHA1
a397eab22e8062b6d1faa2b39f5668f8a34d3248

SHA256
fc65519c485fad769e505faecf41d445af4a95a39a918852e5bc4c3ec34c1112

SHA512
4288790685d49d211cef3512a6c1736a3e7052dca4f6d457bdaadbb8fba190a3e7ffb6315600c4f466ba1282ba112ecac0e7268cf7059731947cf6c8c254bf71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
5KB

MD5
cb5c1b138bf3337270f137cf581f853c

SHA1
b91922378453cc400d4f0dd67961c4318debfeae

SHA256
1e81e366530aed3e97c815d197665950949667766ef1c9e80805e97ecb908064

SHA512
10cdf1124add1c9444dfa0b007e3cb1b665b1ac35e67c1a364190fa23f0720d4fba81f801f9eb072a8c95b6c80f634557c6a5b896fb5de3975e12942ce93acd4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4fd44f9938892caa.customDestinations-ms

Filesize
8KB

MD5
058c0dbf97fade489819cd89b22900c9

SHA1
9d4c89d7d0db1decf58de8a12868be17a10906ab

SHA256
e0518c24bcbd1d9c07f938a091bd66e50dd3ec1ecc64f08e2b28c73c3ad01d75

SHA512
81eecca9eac646ce94d651e1d1e71fb312b9b83848d0afe0255390becc0dcbb835f15154db19afa32ea8ba246af9c983a7d4049dc558df9ffdaba75d9336e509

Download Submit
C:\Users\Admin\Downloads\cdbxp_setup_4.5.8.7128_x64_minimal.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/3120-741-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3120-937-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3120-735-0x0000000000400000-0x000000000058B000-memory.dmp

Filesize
1.5MB

Download
memory/3700-923-0x00007FF81F430000-0x00007FF81F443000-memory.dmp

Filesize
76KB

Download
memory/3700-922-0x00007FF80C4D0000-0x00007FF80C87F000-memory.dmp

Filesize
3.7MB

Download
memory/4484-920-0x00007FF81F430000-0x00007FF81F443000-memory.dmp

Filesize
76KB

Download
memory/4484-919-0x00007FF80CCC0000-0x00007FF80D06F000-memory.dmp

Filesize
3.7MB

Download
memory/5740-731-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/5740-732-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/5740-739-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/5740-938-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/6004-928-0x0000000003220000-0x0000000003236000-memory.dmp

Filesize
88KB

Download
memory/6004-933-0x000000001D410000-0x000000001D598000-memory.dmp

Filesize
1.5MB

Download
memory/6004-930-0x000000001CFC0000-0x000000001D032000-memory.dmp

Filesize
456KB

Download
memory/6004-931-0x000000001D0E0000-0x000000001D180000-memory.dmp

Filesize
640KB

Download
memory/6004-932-0x0000000003240000-0x0000000003268000-memory.dmp

Filesize
160KB

Download
memory/6004-929-0x00000000032A0000-0x00000000032F8000-memory.dmp

Filesize
352KB

Download
memory/6004-927-0x00000000016B0000-0x00000000016D4000-memory.dmp

Filesize
144KB

Download
memory/6004-926-0x000000001C250000-0x000000001C386000-memory.dmp

Filesize
1.2MB

Download
memory/6004-925-0x0000000000520000-0x00000000006CC000-memory.dmp

Filesize
1.7MB

Download
memory/6004-992-0x00007FF81E4F0000-0x00007FF81E503000-memory.dmp

Filesize
76KB

Download
memory/6004-991-0x00007FF807040000-0x00007FF8073EF000-memory.dmp

Filesize
3.7MB

Download