c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Resubmissions

24-11-2024 17:01

241124-vj2q4swkdl 10

26-10-2024 14:16

241026-rlatmawdjq 10

26-10-2024 14:13

241026-rjt5gsvele 10

Analysis

max time kernel
150s
max time network
162s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26-10-2024 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

builder.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743808369418400"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
3552	chrome.exe
3552	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe
216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe
Token: SeShutdownPrivilege	3552	chrome.exe
Token: SeCreatePagefilePrivilege	3552	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	Process
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe
3552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 3552 wrote to memory of 4752	3552	chrome.exe	84
PID 3552 wrote to memory of 4752	3552	chrome.exe	84
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2288	3552	chrome.exe	85
PID 3552 wrote to memory of 2728	3552	chrome.exe	86
PID 3552 wrote to memory of 2728	3552	chrome.exe	86
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87
PID 3552 wrote to memory of 1192	3552	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3b8ccc40,0x7ffa3b8ccc4c,0x7ffa3b8ccc58
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1748,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1784,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4308,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4832,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4460,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4596,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3352,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3428,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5420,i,17078693502288250454,1859945961028184271,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
PID:4600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2f763731f70bbce36b775be5f2099c89

SHA1
7dccdbd6a26da5a94a238ea1a93e0d89b8b4a984

SHA256
4a40c7c1c71107258c5ff052cca70060e174a146f4c2d1158ea6db82e24997dc

SHA512
0025674735381154510e8f30d49340c01e90957660e73b17662129e86210a853fa42f10541b9e7ef8d6d849491817d3c404a37cea43deb6ae90ce5b5e854baf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
9c79c699a168591f322089b3cefacc9e

SHA1
8f2ec01a93544a2706a5588ed00fbf5eb9903759

SHA256
d9d2dc1ac58f5c3477ab04b0a066bb90451ffbae53e8a8531bb29454fb278aef

SHA512
ee04af8ef91875c564b32bd44810f57da802597c893c754f35e0c428822e3fa2e78f09b1a93bf5839b4416a10404daa12a0b4d623cc5911e09c3960bf1c7cbc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_content-cdn.xxxgames.games_0.indexeddb.blob\1\00\8

Filesize
112KB

MD5
02f43cef9b705ea925c7a63bd411fca1

SHA1
bd86114a8ee5c25dbc38365fed4d672badb2ca5d

SHA256
a633ca7fb1393fa2ae1c94511febc4c71bd03cb368eb8f1c8e05aa546b8a0c34

SHA512
084700b2ff56b8ca8230fe9ff7a046761c4b1eea27d62aefd3e48bbe3225f081d1aea7d3da926f063206da251cd2b5f1ca50700f79b0849c64b517097a67ad65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
bb0e2cb6118a81be46e19643e3d9c776

SHA1
a2663b7b832f12d38ae1ac2bf3e5adab828d4b55

SHA256
55d35235823d864e856ff1333980c674cbcbc4b0edea2882852870a3b6afe457

SHA512
b21e81395a0c97152002006ab919aeae2ccea0e5cba2b92f05e8527a22c1adb3c83c41e7d35445ed005726e267078db56eea6cae397303d6871244f27ffeebce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
f06797366721b10ee1ad40995c75e5bc

SHA1
d75b2b47bd2f95f1caa2b437686bbd8f7fe85442

SHA256
6d7b554a291bfd2b42e6b44929c7753582e4cda48d721b7cce7062a5d7fcef95

SHA512
36b23d51237419eb3f1fa7c813edc77176027422a82b35ae922522f7768d68ce84e59c7e8ed4a0828d681ccc98c7eb65dd5c5f113ffcb52ed408b4825bf20e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
dbaeaa7926d3303b8e759c8bcbcdd327

SHA1
74f71e43becb8ec593aa1e4e4714bd320c26981f

SHA256
6d93ff6b3b408e6cec028631a4fddaa481c3abc2fd6bd3716ccfdac04210fe90

SHA512
a8cf81d76e4d3a894632d02321e2e892a343a65de48f9023fe130b2abe7a428218c39607c0d11eadfa336548d208da78715c802169ae5da29270d81b7b96b9cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d27f09a89a50a403ce5ec570dbe1f930

SHA1
1ae8119d1c7e46710ac62f4d1bf419c1735dda3a

SHA256
0f060f56debe7b8e8a1ed1af532b9cdfcbdb344cd9743db673468581c75e8da6

SHA512
eee4b24761de09567641321955cc3be4230c7ffcf4a7b23644d103c99cf6ae99e549017f15fe6676cde11a09a6713844b98c13232797e1c46e2e4c9cb6ef2c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
04715ff83a0b1b06e35d461c1136cde8

SHA1
a3c1a5d7a0bf715bfb178f03e37fc0fd1b0782e4

SHA256
830ede416939a3199111dd12b96a8a89acd9daf26ac2969f17e2be2becfff068

SHA512
abbb39574ce7f82de2509118199c02e55c912fd9a50e7663958ba1ffac747c60125055227df534d8d7fbc93e85b6c2bfa9788cb488d115dd90bcb0f165b086b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6206646950020181e6c5a0c712a2af8d

SHA1
9e18bcb93c5b4b0bea99120eda95c8c10e817d6b

SHA256
edf271ea80cbe13687d0fd4e78ff5cd5c240ce829a32e87c5906522b479eb6e2

SHA512
80931c369c82e0da24fe4c3b63264e9052d82ae5280ce8d3621a5aa7145b42bc9d210feca9d968122820247c3f467d2bec3e3f8269d91eeed57a2cbca05059c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
120f0197fd817a5fd58a834d6977d5ef

SHA1
c756a4a11300c99884d77db425c3bf1e2192b911

SHA256
c51399510180e0a66446fc005523e1d022b675893e3d04e9b33b17d698b1154e

SHA512
d18a5bb511a29d542d99620d39b1a58b5108d20fab6fb08ae97f52e5beddebe979f8705b0148c9d58c06c691049fa222a5afa2b2dabf529e2f5c7eb9bb879645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ee9993ccee25bd19b6bca7f0c8e70b4

SHA1
037279251c0ac736e2e82194df6c1ae25d8375d8

SHA256
cad3ffd6768669ed1baf84619cf28382f83edabcd5ffc733bf9af376f2d4a4a5

SHA512
992c6c282b7e7eddcae8ad7fd648a007563ac42c4d2ec91548631ab05853118a9ca49a3322e21aa484fb723d7c12bb1e9b0720b6ecb82f5e5991e6704a8f9efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
31bcf07e47c7737e735e6bd0f4764403

SHA1
2e392033f61adae9f059a031bd7f9d14966c6d64

SHA256
d90ae229f3a838000f7e04067fea059b621b9fd3c05f56fe5119997d2506af15

SHA512
3a59fd9bfa7e34cf6ef8cb574377a9ff30fa957b2b965098fd088771a21090c10300900d01f33dd02d0a0b1db113aba9627ec97901715fb0f2ae2d70ade45239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e36d7b23479141785c4f2f7479a8c8f6

SHA1
a521faa3f70165dd94e435230f115a1160cfe48b

SHA256
614661a1ce308a3091d05fc6a57a8bcc0a456163bd78ed3d583eba7a87440b77

SHA512
a58956b8437004b63d6228046fd4dc4ed972bea624e059b584c49758b964db5dd608bf8632550284b61ac74a7c8602a625d7ef8390001b4d0f709dc0158290c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
07c3bf8bc1e859be02609e9d3c9ba39b

SHA1
f217e845034d6e2d1e34c8c1943eb973ce2f4d4b

SHA256
b0832009f28c11184b2807d764d2bc673431d2b0d1a084752579c3059be09ef6

SHA512
c6f4edb0d7ea6e60c621d8b3da9355f2a00ea55e044ae1343b2638e1e839a95d3ae336f26c9888662eb0bfcc312225618b09e92a68b0be5092a66f7c00d87bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f13964bea4ff7d725bcc22540393065

SHA1
4872f89c7e1dfaa38a636a13abfa4adf5806cc9e

SHA256
43794c299bd8faaec3eb644af80284ffa8854a892b8b78e00048b89f4f236455

SHA512
9e1b0af46b86e81e0b96e23f86dfcdf106f1f2c4eb68f735a2bb41a0abba390b8db5cc815437c5119e0baa3fbb58cb3f7db9d866d27931eac03cb5a1543a8779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
463bc5f8737da700262a243a4d46e368

SHA1
e7621317fbd24face74f87caf86b5fcfad64f9e3

SHA256
3532e33ea5620facee9d2055519d46293eca5fe9f131e87ba2cf71d9059ab067

SHA512
1391e7eaf73310cade014a1e8170028ce7a318e4b9cc99b2beb116c69f605c5405ffb8b080c81e2aa370dc926c54b4ee60fb1ef8b30885580eb99533238ce091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c723c1aff1243c5617dd0831b1add97b

SHA1
862b1ef4e802947fcfb8c958948a2cf1adea9b7b

SHA256
24a949f9c6010ab992f885181ab0e8fd3e507b643100100a793ecf8b3d9670bc

SHA512
a82dfcef8a2ca108070c505ba40df057d436669d1fb801fe2fb66eb3a4e01f89f010af17b00f4493c3fcda3ed3a09f2dd9a9c27b7295c5f43e69c9a560b2f002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f384a1322d574a5835ee0b0eef86912a

SHA1
528ab9bc2cde933c8d82d372341cda3ccefbc650

SHA256
e55c29e8dcfe906be72daa80f1f02e6bc25ceb21fa3414b994ba31308a9f5734

SHA512
d1d95ba6fd7b2b3cf89a3d9f770cc6e23c6fba397d9cd4433f650797617ffa9ca92def0c5573a0a44678e49e266acc8a255ba179a066fda005bde35aea4f0d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
07b50b5449d56c32828cc06dd6c00523

SHA1
5bca145d38cd3b0f4079827c1ef3221abdf072da

SHA256
747712ef666a1b399d90d3f347f7d69e3a63ac1619e84c183c70a7ceda113c7f

SHA512
022e5220ce492e0d472c4449252c041605cfe4aa1a056e34bf8928edc10a61b4eb7ab32c6105b84a3e724a4ea62779e129171a203b301364711a339c78fd36fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
921dc3dc8ed87fb0c78dd29e8e4008ae

SHA1
97bb50e45f0f10ffa954779748ba25ded37069e4

SHA256
18049330d8ac7b9441f8067d6453febeaf2dea9195b5b9389afe2b4a24ef06ce

SHA512
346cf672e08a617baf30507650d7776d69b27755d28f9ad6bd8945abb036d90735dfe58376a572ad833affe9905c783bad8b6dce360ae5e6f52df7c0a7fe8df6

Download Submit
\??\pipe\crashpad_3552_NQUMKDLBMVFOSPRB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4044-5-0x00000000743F0000-0x0000000074BA1000-memory.dmp

Filesize
7.7MB

Download
memory/4044-0-0x00000000743FE000-0x00000000743FF000-memory.dmp

Filesize
4KB

Download
memory/4044-4-0x0000000005050000-0x000000000505A000-memory.dmp

Filesize
40KB

Download
memory/4044-3-0x0000000005090000-0x0000000005122000-memory.dmp

Filesize
584KB

Download
memory/4044-2-0x00000000055A0000-0x0000000005B46000-memory.dmp

Filesize
5.6MB

Download
memory/4044-58-0x00000000743F0000-0x0000000074BA1000-memory.dmp

Filesize
7.7MB

Download
memory/4044-1-0x0000000000590000-0x0000000000598000-memory.dmp

Filesize
32KB

Download
memory/4044-57-0x00000000743FE000-0x00000000743FF000-memory.dmp

Filesize
4KB

Download