hxxp://google[.]com

Resubmissions

16/08/2024, 20:47

240816-zk7qzazcqj 7

16/08/2024, 20:38

240816-zesd4ayhnm 10

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
6060	CMDWatcher64.exe

Loads dropped DLL 1 IoCs

pid	Process
6060	CMDWatcher64.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	CMDWatcher64.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	CMDWatcher64.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

pid	Process
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe
6060	CMDWatcher64.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\assembly\Desktop.ini	CMDWatcher64.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	CMDWatcher64.exe
File opened for modification	C:\Windows\assembly	CMDWatcher64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683148777393150"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe
2396	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe
Token: SeShutdownPrivilege	3960	chrome.exe
Token: SeCreatePagefilePrivilege	3960	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe
3960	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6060	CMDWatcher64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 3516	3960	chrome.exe	91
PID 3960 wrote to memory of 3516	3960	chrome.exe	91
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 5068	3960	chrome.exe	92
PID 3960 wrote to memory of 1976	3960	chrome.exe	93
PID 3960 wrote to memory of 1976	3960	chrome.exe	93
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94
PID 3960 wrote to memory of 960	3960	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffeb050cc40,0x7ffeb050cc4c,0x7ffeb050cc58
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2060,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1584,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4672,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5072,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5312,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=208,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5704,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5728,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4668,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5916,i,8165538151150326117,6954449992695766514,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:4368

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4156,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
1⤵
PID:4920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5776

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\CMDWatcher_v0.4\" -spe -an -ai#7zMap1682:90:7zEvent16136
1⤵
PID:5820

C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe
"C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6060

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap21737:190:7zEvent649
1⤵
PID:4924

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea\" -spe -an -ai#7zMap13105:190:7zEvent12489
1⤵
PID:5896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
eeaa98d870d746ba7778dc2732baf2a7

SHA1
0d007244b82117c6a57c1a9f21f4b72fd5eeca88

SHA256
04b8f9ff7b4c48d69e352db457ea995ff94f17461a6bd6c5fab0ccfe80a1837c

SHA512
2ea0bb006227d608394933236b48c85128490d3b03c94ad137026875853fb510f39c1a7d77d764206c58dce321857e8380685c24246e3a7790c7cfecb6d723ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
95KB

MD5
be8473ddb50896abc7955c5f162ab80a

SHA1
61535f7917713bbe2d7b023b55c5bd07a6fe1a2b

SHA256
f2943a57d99477653a8ac0a0bba69820f4faa96c86bb8512ea47e41715eac04f

SHA512
4e4c39d8258fe5cc29350d08a23014ad2251aafb2f7b304a77aee0790d762c4f3a1e380a0426ff2c87b90b54393da16d5f291b4b349f8dd45d6edc1e9c950d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a39ec3a5a98a468a9e122d21efb779fb

SHA1
7d87efe33c440f1b881fa6f62fc68c109222b5b9

SHA256
155b05367c2ed7efb417cc97cbe9a4fcedf90728a33ba6037acc08ed3fad9a01

SHA512
7df0fd8f1277003405e4af911f867ac93330357630712dcac42cee2171f58ff52524e2188eeffb52bed40979ef0f56107794351f702be496a42a8deb43bf01a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0710d1370404c8e73bbde1e2cf654a3d

SHA1
50bd0e0007706f02770128ec3fe990c3c3e0a192

SHA256
03efcf78e2f9a17742f1d6f88c8d1a7cc8451c7c7414785e750a6ca00b8a1571

SHA512
e4e3f7d5843ade9c4c3106311718dcfe399db8060f498daf01760320ed7e1254801d1124d0de47bb986a32fcb0bf0d7ba3480ed0c7b00e02cea047f93894a607

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d264842c1e609c91cfd97240040d6a18

SHA1
fc87469f649efb38ea8d72a26137ee3ed56901fe

SHA256
2977a1f5a92c9d5ee28433544fc6992c356b748fc784ee0dec26dd87527e3436

SHA512
d4563addb9e0d4797c4424a3fccc6b4f9e734942bfe5f4bd29909f4848e83d022d7fb037f35e073bf133aa003aebcff37aff2483f4ddfa302f427313d08c00cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\14f3c6d8-e340-442e-a3b4-02ad7fb81900.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cb1343dbb4651f3940b2364b404ce230

SHA1
9d151855dec1b6f787335ea89fce70a616b4b3b0

SHA256
451bc0767a87e9e5ff075e0214393e62b74da3addf98ef1b0c95c0539a226931

SHA512
4b80aa8f1631d40e8db80a3311c159f60c7c0e192f5d929a5e015462f9dccdabbf8d4f62f948d5704e9c3aedee50d0871fe61e9977bddd91c5f5157c07903305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
b171bf11f63cf8cd63e6630e251e799c

SHA1
a7b091e374b537fbc2db2e769e0d6b240e5e4a68

SHA256
0a8644b9a5e1137441b25f40d9fdf0242ffdb753da04e7902743f2c2ece81382

SHA512
3186b369c9a3d393d17770743312ab84145ad80303f0107802cb04e53415d4fc26bdb14bfd08cc382a45778f54ea4f336a279b61a78017603bfc7a5c5301f1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
410754658afec01e13a5afa518c283f3

SHA1
2a59a0db7e1bcd23406ec0ee8d3c77c784edc74a

SHA256
96752f6fe04ed7eaeab23980d22bf267aa3670105fc0f95e4effe189b17ee013

SHA512
637ddd0494b9f6fcdbb9ddc49b58472da9c9f2047ae9bc7c16cdaf8b088b08322a256739584c4aaa4ff4059de85323545fd227c67d39f1f5eec52d4bfbcf099b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
850B

MD5
f517cd13587654b467cb38b0156a5d04

SHA1
2d61b2fd7881fe8f0425175c619e34a3e68b9fed

SHA256
139d473f286398a80376b1d78263ac3cad245a95943bfd4d05b543c62084614c

SHA512
8f5010d06501e53296bc6b474b1ba8a9be4eaa3b7c32f697a258f0414ce32c584595c247440a75452eb58d5995d52390da2800230afd6dba8de3d9d31f39acb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
1483cda5405b04296d4c3c0d4060b400

SHA1
229c100a7a03070dac1b45762aad7c9a3b9a4e69

SHA256
b8e2fd5a4d704e74e2cc8147e6e869d6abb25e4e3e031ec3b17c821f8f99e61a

SHA512
854c06683f131769281a1779703e6731551372f36f1134532712064f11bdc0bd518bcf3d72b1dfc4eb80902697044db551b2a7518a898d6075433d4a10d30074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
852B

MD5
fa446fae119d14516010724b8573943d

SHA1
a7961b79e1ce5dcfba9871a62aeff5faa7433f13

SHA256
e1d1f5e47e5cf82dd51b4a2c30ec5c6dafc5fa7129eef4b9563da94dc11e5d46

SHA512
91ec8a5effb8c45dbea522b20463a1af98cf6aa4f7965b0f0ed39b7d95a9f01297cc3642983a8a8567eebaebbefc931b64530b893aac4bb0e89f48058a0c1602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
700b6ba09d4378ee16b424872086c638

SHA1
49a14fc8f213d568d87abe38825fae9b57b3f4db

SHA256
3e531032bb48427cd2614702576834de17a870c03736d813b548ffaaa625fde6

SHA512
f5872f0d7b5cde8a646f650dfa4a3629cafaf22b727d2365fbe1d5da50a129b894c5e78191bd4f61c61120e85bd09ccb46e547c0dcdfcdf779ec491d82a85120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba84a686a2d9f01825de6c379f8a31eb

SHA1
695c3292f90c097fd04212945c15146eac2fdf87

SHA256
8f914640e95a33f703febc12925057bba91dcf05416665997159d9d89563896e

SHA512
e778d9f76e2bbb96b2124a33cce1371fe7b727205c9753d378777a09e4254e82f1f68e65caf639dd032ad724fc841ddb71f3165a4f6763757464262ad593edf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13a818306cf49d17802d13713ba1fdf0

SHA1
7856d5a4f56c4816c4ca18507f7074c8725514ee

SHA256
dcd16989b91228638d76d6a6d6b0ad5b3c483e1930c88931955d0642edbd7e1a

SHA512
2ddceaa9e76640e53dcc6a70cb1f22d4126dbba680b78b56e24afebb78fbb5bad165bbd0486a5fed8da5ee740c5d178f98cc960ed569717f698caf3092d0af09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40cb179bd9c6fa49736f015413267858

SHA1
b2021a124b504a1e93fafe861f62a5b801a3d8e6

SHA256
0094420d1416c205f3695b7a033ade7836a2b0e320878cb123cdd35dfc84dab7

SHA512
5f12ea87a9e7e53b2e15125d14bef89ca9d8be3390bda4db200a4e91a577810e440391e562cdb0349b3955938ea3a8fd7acd0ce79b1e383b6273f821f4f6b006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d8af1c388252271ddc792050d32d9d8

SHA1
3a0f5ab084c5d7a457455740486d95449d85417e

SHA256
9736a3613927a537734a9e05d109838b4855c9edc3244fb6ded8f0e613eac875

SHA512
ed993ca687e0d17ca9793be5dc94fde2a71bf794790fcf5a67a037fca91813dd94eb04eb287b08dc053bda3b2ec633a2b50ce214fe1cfecb4f01481e7797467c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d88581680d48ebf7ff18feab84691ffc

SHA1
b66a95ca05eee996df0477c094308366001396c1

SHA256
378b0d4ecc87226733775e01a6df872edbad9c1867c50f71c93608ce03a230a4

SHA512
ecb33a92ce5d520fe5a3746603a42e412abfe390eeca9829a2920cd82986e69ff2caee565b36ee6435ed09acf9763e9741371b178e4ac74362dd506f8d7acf8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9627c9d5c242bf24d79fb51ad97a634e

SHA1
bfdd3898dd0e754d0951d74b4b3dd15b70204a1a

SHA256
6d6a732bb242c12d237658cf6bbc8f460cc5f1795b19ec4a2fa2e1419172ce3d

SHA512
129c5cf2b93546a33e6588d6fd9bbcea917382fded2e58f816d0af18472893b78afa2e8f2b17674650f00952be71a324c5e4da1cbdc94e0badf0ce27c265c112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bfec525c1586d3c8a96c71982f7182a7

SHA1
9776d037a581a216d4bb50470ca84f0b2972541f

SHA256
fc3dc898b7f34033d3f38ac2221fe157797972633370d9a879b66351f803a357

SHA512
93b34d4958c66ac86e13d1cb2d4a58c87c080c3cdf5125955edba138b52630709eef0d755ad6aa27eb38646cbaab556b1b26e349f094487cc707fd88a5eccae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84ed943bd79ba4a11124bf4264719c8f

SHA1
a3d49b960a43d2dfa2b8d8ebd0b18975e2b0a37d

SHA256
7c1a5a17d9e540d081155b36b77f9f1ef193420b7c8eedfa8be7e5f248c97196

SHA512
d8d8bd0aa88e4a54f6aab32b988720bcaf9f3984d680971ce10bd8b2355dea6f7a785dd12e30eeffb9da857e4f0bd30273fce83c1b7349db402936a6aa9245d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e4856c24-a3ea-4462-a46f-e5659ce8d1e1.tmp

Filesize
9KB

MD5
8d8c15fab72fb16518af3c404e82793c

SHA1
524c5fbb1c960b7a0375a4f7d212c17a1b706028

SHA256
5322c2081f44b72a6dc9364d2e7bf031b2fe6d3c23701e2b1b4b6f997213abce

SHA512
1201082871543708b0d58d7f904ab5d88cc48a41b5b2bea061bd6e315f47f98934de83c958d2c9ab02f243d7235703197757f9b55283e29ed9e64359c88ff81b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
da1d8cc389eec31590091b5b45aff4cd

SHA1
265d0ed70f6d53aec355a95b1904e60ba25a3540

SHA256
61684db092381a9cb699cbf39a4f9c9c78e6ad626baef32403f95d8643ef8920

SHA512
9c41d519f9dfbd901a4644ff37345ebb4bd82ed184e17494ec8afcbe72f1de0945884608d82c8bb2e04e5ad2856d03953535b8885644a192977c43de21bb00a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
a56772adefaf7079cb508de4bdaaed12

SHA1
a162e990482eb4951988eeeb22fdbf6049032bdd

SHA256
222fd64aecb046c88594df9fd794c7bfa722a4cbad520e396f495361f42277b1

SHA512
8439eeb5049c21e84d6bae04bdd312cb4e791a56b992bf727037083181c3ace8b8d2e95f44d61106593bf4d036b465515b04dfe057c262d9fe2488071a8f3093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e386be16603ae048557c5cce3b1b0a91

SHA1
3c44bb98f827ccba76d01027180ad1379609478c

SHA256
66338935316ed15bdfcd82cef32a2819320b7052033dcfd584850c4c51e0cb81

SHA512
a21de73b5e393cd73ee4b26b0816ba43fdf592dbc569af22c333288985ad5b404a29bbb69ce28c0c599763fa1c43ee1cc2d56c3bfb90953a312e3e8a8b901fe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Costura\B3ECAF7EF28870C436FCEB7E36B7B685\64\proccmdline64.dll

Filesize
85KB

MD5
c591cb11e592d31487c528671d52cc3f

SHA1
10c424983eb5ef39621574ef9c049a50e9141006

SHA256
393b930e2968cd8f1f8cf7fc33645b9f6be24aa6f24d33bf962304b0448b3def

SHA512
a58655975d682c3ee8137f798afebe37bfad62d18d95b8a72fed3f72e31c0024f833bbcbf68e8baba84a59efe1ec91d3ffd36c0e31783662d71f4041bacc3497

Download Submit
C:\Users\Admin\Downloads\665b8dea01643cce577cc8cc6cc1677e78cbf4559b7c0fbd0446dee65970b4ea.zip

Filesize
460KB

MD5
4a7c384fe037944aa74b4302a40e6906

SHA1
5b4713cdb5f322e5cefb1adadb114db4254747dc

SHA256
51556e55d208f00cfe8ca645d7f49cedcd13835922f7b0e9a0fe1ba47e49f0d3

SHA512
172e7efe763e731762866266dfe3e2230663f366cfbddee7740772a7895753dc5e3e8fd13486b9e2eabe1e5038202e8f8a5ec11be4fe8f30c86f038d0cba35ea

Download Submit
C:\Users\Admin\Downloads\CMDWatcher_v0.4.7z.crdownload

Filesize
5.5MB

MD5
477266ec255352f3e1d183a628e48073

SHA1
902219e1756d3c7514d4e115c383658b716dd2b5

SHA256
df9da98c0e3e6ab223c4bc27290a51dba5628bf9468f4ea0bdd2cdaba673e9e1

SHA512
96216f54a2052e94f321bafba0bb62ed161fcc046eccf4e1005144a75e57f01db1cf3b7edeaf0a64e1b05aa1555f6bb27df32434f851e81a20bd06cf3fcac717

Download Submit
C:\Users\Admin\Downloads\CMDWatcher_v0.4\CMDWatcher64.exe

Filesize
3.3MB

MD5
482abbf2fd84a712f565d48e286e034a

SHA1
7b33ec969cc501e1da26ade98309a544240636f2

SHA256
babbaa201e5e1bc3c68661e1c9f9a41430044446c127fb544b7294dab84ce6b7

SHA512
c06e49e0bdd91bff59a038bf466598717f7c7be49b06765a90642e0cce7d424a843939ea21035c53dd15a1a0e33f4e6ee4518f9a563fc0aec75d72cae1426431

Download Submit
memory/6060-353-0x0000000005400000-0x000000000549C000-memory.dmp

Filesize
624KB

Download
memory/6060-352-0x000000001EE70000-0x000000001F33E000-memory.dmp

Filesize
4.8MB

Download
memory/6060-409-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-345-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-461-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-355-0x000000001F400000-0x000000001F416000-memory.dmp

Filesize
88KB

Download
memory/6060-344-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-343-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-376-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-501-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-369-0x0000000000680000-0x000000000157A000-memory.dmp

Filesize
15.0MB

Download
memory/6060-354-0x00000000052A0000-0x00000000052A8000-memory.dmp

Filesize
32KB

Download