c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

Resubmissions

24/11/2024, 17:01

241124-vj2q4swkdl 10

26/10/2024, 14:16

241026-rlatmawdjq 10

26/10/2024, 14:13

241026-rjt5gsvele 10

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26/10/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.exe
Size

10KB
MD5

4f04f0e1ff050abf6f1696be1e8bb039
SHA1

bebf3088fff4595bfb53aea6af11741946bbd9ce
SHA256

ded51c306ee7e59fa15c42798c80f988f6310ea77ab77de3d12dc01233757cfa
SHA512

94713824b81de323e368fde18679ef8b8f2883378bffd2b7bd2b4e4bd5d48b35c6e71c9f8e9b058ba497db1bd0781807e5b7cecfd540dad611da0986c72b9f12
SSDEEP

96:IJXYAuB2glBLgyOk3LxdjP2rm549JSTuwUYXzP+B1izXTa/HFpff3LG+tzNt:IJXDk7LI4uwtDPC1ijCHffSs

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743810111537889"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe
Token: 33	3540	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3540	AUDIODG.EXE
Token: SeShutdownPrivilege	4980	chrome.exe
Token: SeCreatePagefilePrivilege	4980	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 4684	4980	chrome.exe	84
PID 4980 wrote to memory of 4684	4980	chrome.exe	84
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1084	4980	chrome.exe	85
PID 4980 wrote to memory of 1804	4980	chrome.exe	86
PID 4980 wrote to memory of 1804	4980	chrome.exe	86
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87
PID 4980 wrote to memory of 3648	4980	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc20cc40,0x7ffcfc20cc4c,0x7ffcfc20cc58
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3380,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4328,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3572,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4612,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3408,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5188,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5184,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5100,i,15906778409424184282,664169869930824693,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
779d03e0151ed0143fb245ad70b545f8

SHA1
bbec499ec339fce8927f4092cb592c3db0a492a2

SHA256
6a38aad7e17f5f774dd424c3b773518d41e6e2b9c87627abaefb264ed71c213f

SHA512
ca017afc9b339f84a3065ceb5b916c8bcd99d0bd4b356d8382cd5893a09ef96df7b39907a6c9dc4ab829e34c95ffb63c1af92c7de5cc947c87c0c4dcf4975b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
ccb7457f35dfa897375493a906bf4035

SHA1
ef9c02677f35f488422a6406ec160c647be55819

SHA256
bb1b2f71073f43e6300c55b799bc7143b6060f50c61132b451a7746745bf6754

SHA512
14a65ddea8c8c294c85fd455737fe566e2d83f523c146bfdaf56b57c16e5ea15317b612e5cdc93806f4dd7b4973e8ea7414b8218f74711ea1e942920c4d54ea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_content-cdn.xxxgames.games_0.indexeddb.blob\1\00\8

Filesize
112KB

MD5
7baee97c4442f5d06cb42cde5f3ad22d

SHA1
77259cc51182362a538d07bda13dc852dcc7d7a9

SHA256
c640577fb4ddf28513b8c85aab7f2243cc3e2992bade406551e7828b87a51d05

SHA512
065f176fde22236e7188f41b7584cd6bc00be9eda3753ec040f05634469755843cb1cda2af1547e0818493ebe6d7b77df2e7538745b52aad79f294382681bf0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1c615b81e8ef609b6d4a4c5cbbf6f887

SHA1
e23827c1ccf1dfef47872a388ee37165e615fd82

SHA256
5476a95902aeb68dc7af63c49d8d0d38c37c3451e998948c0b5752cc7e0ce53d

SHA512
a13dd309c523ee80fcc2ef996ace9ab879931ce5fb941884b83a2897ccc47ad70a59653be5be00d6404c339de3e737d265acf183fc87a001757ebd68c1393d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
709a63c503e27f3f7859bb64305c0fad

SHA1
297c355be7a5d3a137ce6f6e2c9d375e2222a335

SHA256
f6b4bbf5c531b249d6e403b8ab83b0282b609409d3bd3770e0251769a48a2fe7

SHA512
2d14cd5ef6e89f04bc57c046a236a8e541008210d27dae2af6ff86a906318a56b434218deed9fff9fa4c89c9c1cce043c462fe7bd4d710413c71742959586240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26ac0850180ffb70607d4ac8f5fdb687

SHA1
7a6e33fa3b482732fbccd3a25cd1ed4ba88b2018

SHA256
cc351f10db2c6b5870f65955a656168319d87b01a1e6aa676ee585a03804781c

SHA512
2a07ca9262934a4fc35f7723ca4812176ff77ce08736114701353e72afac9cb997ebb28e408eb71a280733c055cc623b0e3696947f34227d70e20f5623dbd895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbf84c71a0f9bfad8f071d9c9c583d64

SHA1
37a9b8195a2fa07fba53bbba6de28c4755da8b8e

SHA256
7ef326d6e39d33ef310917d2d2c03f8a096e6b867190e8907452ee5f127a913d

SHA512
a9dacadf55da7683ce9260439205aefe242fa2c2b1404d41700eb6e5a2d71acefca356fd48f9512942dda61bd990d72dafbdcb03a393bcbc79eed9d234c34740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98c279ea6672656d63f70c961422bd1d

SHA1
2f74d88f1970c451ecf761f49a6692a073509c7a

SHA256
2e4595591dc4aaa9c0424812553dcf3783eae6660f64019bc080c71cc2cd6dde

SHA512
33deb70679171e1b5f0934f172842cae14f626df503eab3a0a768796c2f5121c68d095bdd21cbdd42c540ae5a851d8391a8a7e1a4296c97d642703acd03e964a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cae4331a94cea4b73467cd9b0ee3ab52

SHA1
90ab6a2908fa5d9978a556d6d58d5d56b141e596

SHA256
35ffa3ea66518cf390e0f5a26af1267258932ae53b112c3e2704d4d071f180fb

SHA512
69d13dba91d024761df197915dd563cbd60cc8279b052d2c8fa6b315007e7ce27ab363d438f652dfed885c1145066a0b8fbeac94295ade9603b9d054c8152b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6e6910932f6c0d32dd1a52fe6b4b4a4

SHA1
455433652fb2efee352a2e00c2c064057d1b6cbe

SHA256
7142109977b7620184bbfb2999a061f219d2db21a0750683dccd29b68c1056c5

SHA512
49e77a6c41abb29756963bd0c452e810d4d674dee79d76f7cbd5cfa8956f2927e2b3713f7aa8c25578bfcf118db661aad319f66dfc1edda49e608fe3c17b978c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
41da15e3fe831c1420203dc78a4ac642

SHA1
504fb0e2a59e6f9d63806a248bcd6cd4398603b0

SHA256
3d5a7b5caec2e8c2a37cb01db30e1ea0a81821b848553d4e397470289788872a

SHA512
dd6bc77616399c4843b43fa8e2deefeb150d10a937254356af5dab0d73efb5ad8140bbdf92a968362decd3cdf7cb18bcb2c96f8f7aeb4b14e785b6b8062669e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d12ec31ac6ebd19add740fca3eec73b

SHA1
9fa4973805cb5b8f16a1813d5dcb9f5dcce50644

SHA256
0b9e1a97eec62d910c166639dbdf8e5de3aeebc2affe16982610f01e0d084125

SHA512
a63248fae497657c6e86c60027f4c302a2ab078925bc5fe12e67645afc2f359d6e2e6c738f546f8de0c6187d65bd3e1b2f4d915ff391fff382e07f0be4caf73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87aa551f5661bfd8d443dd2b68ae191b

SHA1
dca56c93a0a40b8b7533034e141ab4f93e49b030

SHA256
fedaad41c32880a6ce888ace05eed85a54f9a6f2a6498a9bcb203ca5cfcc929b

SHA512
c1b66ec65ee7313ca4e474266397fd1dd6fde29f76b31c9b22a764ee242232f9aeec3b3117ac8024c115eca00bace7b47f6e9f836d89aa4a6e90267833e0dee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a4235d1e1493c5fc206d27a0b2ac0d4

SHA1
dd2bf866d2d9917a64cd4d6ef6a1d71191e414cb

SHA256
25e915ff4b16b3e7ab894f4f6e6fd9897528aae680b78c04b028017d11103dee

SHA512
e94e0e1d95a420209120e6b625b13d7c005cd9eea199cee80144248f201cb78c8898543b202e97a16f32c58806ba2105f7d40fb12564cd79c91f4026d221cecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2afe5a871cabedecbffbdf3c2424beec

SHA1
03577de8e78cf1e659b4118e36670decd1c701b5

SHA256
4dd197d32a129e362b18534b49fb10e76973287f65cad73ed8811dba5213bd24

SHA512
7ea44d55e449d81190bc98d84565d60b3e7a71bd6af7d54e8e3f7c48930f5d89d1a609a9f9caf74c972cbc9fd52d87690051835c8f1dcba4f4d7c5a6baaee3b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5a8725988cf0c4e66cbd23151e150af0

SHA1
f89e6288dd3b2e1d590b1d12733f1a4eb6014f18

SHA256
92a1627dd722534983a61e1c8a3d4b3f59fc3fcfa402bbb54472270bfc8589d7

SHA512
a446ec4e51a6ff2907ffbf3c0d8306479e689ceb3f22c0188c9b418f8083fe11b4d94433589a005217f2031facaa97aa17e9f7732360a8b50a60cfa5f40afbd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
50b3556a0e913a351746c4d414db2035

SHA1
47c7335dfb0802968ae066f5f696608f44135362

SHA256
0c72bb1b52871bcc1dd972b701d68c1df59eb71370bb32a1476efd7c916bc3a2

SHA512
99a13354d151434d1983d7c5beb8a6adc7e8f2e5ff0ec33b06e4ed8c9ce40a2d76fb6cc2486815da143dc4f57a23f1e11dd93bd50fdd59a5bfc721a4e8bddde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
72df3be7ff36652968af2c5c1ca26369

SHA1
ad2455c63a0dd13b84e6236a014e2c1d51ec28ad

SHA256
479b836d477bda6a3c5ed77fb1a96aa41100aa25c500d53a4e2677249ee1befc

SHA512
88796bf11f5796b65e2176a87230d2da296caf9b4eb06a9d1896b21350930060600ad1020b16be393867205959b09b8c57c226f6d43d71d596d9630097bc50d7

Download Submit
memory/5060-5-0x0000000004C90000-0x0000000004C9A000-memory.dmp

Filesize
40KB

Download
memory/5060-4-0x0000000074BC0000-0x0000000075371000-memory.dmp

Filesize
7.7MB

Download
memory/5060-6-0x0000000007490000-0x00000000075B2000-memory.dmp

Filesize
1.1MB

Download
memory/5060-9-0x0000000074BCE000-0x0000000074BCF000-memory.dmp

Filesize
4KB

Download
memory/5060-0-0x0000000074BCE000-0x0000000074BCF000-memory.dmp

Filesize
4KB

Download
memory/5060-3-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/5060-2-0x00000000052B0000-0x0000000005856000-memory.dmp

Filesize
5.6MB

Download
memory/5060-1-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/5060-18-0x0000000074BC0000-0x0000000075371000-memory.dmp

Filesize
7.7MB

Download