4c54bc0ae5265525c3a61793417f91142a5ac048a14aacb65e5e2fd57161fc1f

Analysis

max time kernel
150s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 13:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EchoSpoofer.exe
Size

22.7MB
MD5

8e9943378255da8d1fbeff7f29b80f7b
SHA1

d14b754d04dad5905e0a998d757bc30de0253612
SHA256

4c54bc0ae5265525c3a61793417f91142a5ac048a14aacb65e5e2fd57161fc1f
SHA512

2bfccb4d86948e8def68fca29f478abdc8c87dca4a1974888f3be06af8d380ebc182d75dd1cdd208ea8d158d67d1a2771393cbc620804cc419aab33920bdc8a8
SSDEEP

393216:dQF+a7aDUiHEl0QunM68EuYSXFdA1gGSqWsRL//3kkD6H8kyg7nQ:dBa7aQ8M6/EvA1gGysRrL6Hfv7n

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690663505833051"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe
Token: SeShutdownPrivilege	2244	chrome.exe
Token: SeCreatePagefilePrivilege	2244	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe
2244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1588	2244	chrome.exe	106
PID 2244 wrote to memory of 1588	2244	chrome.exe	106
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 4784	2244	chrome.exe	107
PID 2244 wrote to memory of 3188	2244	chrome.exe	108
PID 2244 wrote to memory of 3188	2244	chrome.exe	108
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109
PID 2244 wrote to memory of 836	2244	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe"
1⤵
PID:2264

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe"
1⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe"
1⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad4a2cc40,0x7ffad4a2cc4c,0x7ffad4a2cc58
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3760,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4984,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5144,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3224,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3372,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5016,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5588,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5564,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5836,i,16671114703496351739,10028977518005138275,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4468

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe"
1⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\EchoSpoofer.exe"
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ebd1e0c475994371b3998462615f0d05

SHA1
14e355cb59a4e518018b776164c6d0217aca50e8

SHA256
6982055c717bbdaed4aeec95fd9209e1f933093cf5419bc09194366ee80b0541

SHA512
7aa0bc09e0f291418fe3b6683c2e6e83781a2d96af1d36fd47162a132cfb1fe0051135fe401c6f953c85948974aa79343fb88a0d40ed31be7c60249ae21a3a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
23d775ac42658202431856c92a0eb011

SHA1
349bcfb24b3067f3792ad53b1e38320b1ef7a5ad

SHA256
9f6d84ff80ade22f1e5b057eca1749074d5d07c27d186797411c56028d2abcc1

SHA512
4fe78ab9ffc0c753fa86e1871dff25e12bbe6da41ac73e7a0d8be5f0f0a6d2feded627b191f5a92a6f557513450572f8e7a1b0f8e097522b15d59119fb25afe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
d723235a8b08ef49f286253400a62bcf

SHA1
0a597c11c274c4ccaa7792483e221a1dba010e9b

SHA256
5caa987ad6932ce0673b51dfc4a57a0b2a6825b78da8d604506edd3f3c8f54f5

SHA512
019881c65bd901ff52511308b241567d31a860b0bc388851d0bc7d96413d2721156ecfdbe7c84a59ba567abe9ae01e082967fd0d8fb23e73cfe8fa458aa431a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3e64879ec8880a14482e0edba697b82a

SHA1
33a4ad0a2a3041d3d30130a8795e43c29eb9d30c

SHA256
17a0f87a1eb54514916054ffadad88d5e78c7dfb6a581f5f167ca8001d446876

SHA512
3ca5f8fdaf0eaf10df2cfe5dd755a4233edf454cf0ee8c987abfc8b23d08ad0c72ee88cddbe9e450e0a7aab5e895b966391ec72f271cc1a69615c63caa2f9213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a35a3f6e65554fa4714aa5ff309ef04e

SHA1
986e9d2d1db3a3892bc1d3de8da03f0d4a0e4d52

SHA256
9e8c316afebd552f8c60231df2a9a2e983fc9243075a04ddb7d6c42ccdbc65ee

SHA512
89a39938d1b17d35962a9e66ed6d130fdc225a745f5e58952fc2d19f030b61e3f8314c8391f978e11709d865e6fb56e78a4b68e2e1aa98d1cc6e717592c3e929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
469e75e045e83d7a1a1eafbf1199a838

SHA1
c0fea290794133453ffa26ebab8c6da5fa220861

SHA256
c175803f25aa055678542a37f5dc6b9472f6bbd6e0259e30506bbf0e41297d4a

SHA512
e90adf9a506056a92e17259d8e0d702b59dc6f255f9b084d65d63da7360d06b394724c45bc69fdd6a33aa13a3bc3f13b649e6c2ae25da1028c643eb9f258fc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7eb8e6cc021e84b955c5c10386ee83d5

SHA1
a280d5e4f7c8555ff9d5178635f20e0e3e555784

SHA256
67519a4ab7aa779156f1bfaa0aea5e2af9803904e84341e3d84fcfbfe8b1cb88

SHA512
c504df3afe498809d13e27bf8aea665ef5492900948e3d9a4378a596ed566a65613526e59ea42c475fbd988c8b9d87d73f2358eba82004817fb1393d087ca3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
533fea506b90502793abae5eee6ad26b

SHA1
af0b70d5ce875a9e2285020a7f1e8839e66fe3ad

SHA256
3d14e94caf2e7ab964e5ab648f414981e13f848001d6fc8fba42edc0cd25fe64

SHA512
c8ba9729d8f06fbeecfbc5087aa0b575b64d1bb979dab91d8a9a5eb0e043a9acd9c47edad2f5f2c4cd796660fe479c6d31672fb15b92cca274227bc3b7a9a495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a247c2b6e03864a7f1837a96a37027b

SHA1
866957ad09615269de986a5a06e3962fb2cdd328

SHA256
be284e382629a669ef1aa986be484c475b5861247cd256c6bce9cc75af571cbc

SHA512
cca170686c97b4b94fc1d1771de230e2acef88ad7d2fb9ca3244294cc9b6f28bc0059d1f9dc0b2f6e7afda8f9832ed6de90e8f8d2bba074d95efe4ad5137b8d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5685eccf404b7c5a8fcfb3f4a9560939

SHA1
24b988e0ef47a363dfdefa3c73ffe8243fa5fb32

SHA256
3f21e465d3b036a46e2093c6cbbff2956eadb6b8ceea59acc8c5b6deb9669213

SHA512
5fae2d49cd014e6002e441b09c27e31c9a8b67b92a18e3e2b93f8542e683d742328506fa2bfcc948e255ef46ba8475adc5265cce07e3282c6a53ab7122439615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a17e5a3ee237fcdf7ed6cf965248cbf2

SHA1
e1b7c9e5d8b688eab822d1fc4052388478156cf3

SHA256
9e362163bbd7e15040c6b6c72ecb4c9cf3785f3844e6cfa1f57ef4a3e596134c

SHA512
5d13cdc505f6aeb5ffe3d87143f5bf1be66d9efb4667271c8227db4b943d44caa81dc14697a2e364d725fe1a0285c0f8e780ca79eec5001ab62c06273f03db51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e93130f9de6f6159430f264ebc1382c

SHA1
329a261bda877fe23cad9763b3bd8fc3256446a4

SHA256
f4754c2295424e4506b115a0afe8992d07741f362d33add9a44253ed2c281bf1

SHA512
3e17fb49121152dad141a587aeeed74948e4cb3695d58210a51207ffce2b2876944b8574d6b8cec31e00a02c334f2229af8884975e24de27f3383b1d5a0a8efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8332a8a81bd7616c23c40ed6d79cefbf

SHA1
ab73cc32f7760d3223bfd970b5af7bc254a9771e

SHA256
d4aa6af885ed9552f5bbd1cd8d4e82cdaef83566be1b36f9003b3045f9a9b6f9

SHA512
4dc7e0483763efb0408e8f7a6e5741da0b2d2e481b878e54615831d6c36a09855b9bcf631eb56aa25e4ff0bf1a7ea9e6ba86ff334b28f41524c0e01f6171afeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8f8c93bb9e338c53c5563f39c4e9d43

SHA1
bdd533fc670fad84a7f8d329441e913a93df8811

SHA256
e57eba1a878670785e92075ab927d50e9ffca15df44afdd48e7938fa9de57868

SHA512
71d00cfb3247a5747e4996f16bd3d9503aa8a8611b2784d9d8a3af69f0f292caf95deded7974babfeb31e197111ea58cd1682cfe470e59f2bd56511bf76215b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
770bfbf84d88898d076cf559f378c8da

SHA1
9db6da9da59c9b935c2159c877c45af38f21048e

SHA256
cdac87bf94aa6f92ced41a3ef2f0264c4e66fbff9521082884a83a12d8acf396

SHA512
e4a145fe14479408d7602e52aa9f356da63b35f5adf868c4681b64a4027d2782fc0e72f28d0969777eace4a31cff1a58bdf5993cc6d7bb83355e3d2d5ef9aece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
63df822dc6cc42c65b4d1373e95faec9

SHA1
b2c386e6dd74a65924f5c794e254231e591af9de

SHA256
c245342f4cf03ec328ab6e3fba40d9ec36fc35fa7f69b6ae0cfe1848c3c5b5d5

SHA512
e2d1941c0ef6e5283e493ccb87d67b39f115e1529e8f1c2a51b545f47eb99ee02b18c422250cb96a1d4eb870cafc92995cf8cd01378754f468ddb1f23d845378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\55ed95df-d7b9-419a-a5ad-209417f8476c\index-dir\the-real-index

Filesize
1KB

MD5
b27b7f4d243cae0628053e404012d097

SHA1
5b2a2179ce4a64c574eac40e482d0c6488aadfd8

SHA256
4625ca6876d98afc57d521b6a3501419404a9b4a7b0b948dac674a6b833fece5

SHA512
00fa9aca9261fd351d171c3b3645d9d5a4c2256ec9b6e4eaca95806e233458a19e15a013a522cf39dca355c4d2b6d4806a831803bf7ad9e27f658db02cdbd79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\55ed95df-d7b9-419a-a5ad-209417f8476c\index-dir\the-real-index~RFe595b55.TMP

Filesize
48B

MD5
1e4b1b17b326a18ee37bf82f19b1edd7

SHA1
92381724f3da670eac1abf36854e794bafdd966d

SHA256
3c54aa5ebb81a5b3c7e6c26382ff45fa4ecb2b3c7d63ee8db799f768849d67fa

SHA512
c4b2bef2639d68531fd1b4e9f50205b8511ddf58ac2a31299c3767ef512d17935579c8a1a1fd807407c75aa85e93837a036fb042c9aca83aa325801d738ae2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

Filesize
147B

MD5
b276657bed6292e49e6fdb7cf3c7899b

SHA1
38570d992d183d8ddc1a9155c41f4a826f074d21

SHA256
2186db0c6aaaf55b97607c8382765240f2bd241ddf6af305f411b5d8ec95bdf5

SHA512
3497e3e2ea08bdf54ff3fd9a71dc20fd9d1c00513a0c4abeb1ced28da980eb4826ffcc64e8b3acbd964f882ed84cecf75f842b72eb206997c7e30c01ea7384e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe595b65.TMP

Filesize
147B

MD5
f50619f35fbed50feb83b5d1156a1de0

SHA1
df837f1a799f10b9d6f433eb244acd5ef61de8bb

SHA256
761f1d9506223b49f6fc1663d2c714d5af1ce10931ebffa46271140c0390748d

SHA512
fca991da997d313e81a06a4d9aebd1e9628c96bfac8f1850ce568040b8a36c99303b1d0b84b81fd1324d4b3ad6114efeabec9bc33d555643ba44a8cd644dbf3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d72b11cd825c230d032cb29916af1c16

SHA1
3883b9feb3bfcd4c9e90086148be45b28f46005a

SHA256
2742e75c289d7392e0b533bdb7fd5c389be508624ad03684e654157fc1d8aac2

SHA512
4499fe6b1bd884dd204da1e84f5a692d463292912fddf4706b3a5b2e43a1b56f8196109adb613e9095570bbbd70b8477b1ad9434e99df7165ca3f34f03797e62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
ab5e0b0cb60853d7aced92f3f386293a

SHA1
b107eb88e012183a8734aa066c2403293b4cf4fe

SHA256
afd98323b87e0cc0c7705fb25e05661ccc85954a62fe7cfe93e5c6ad21e90f29

SHA512
8f4199d6cdd8beaf273360884577a8ea54477869778f6a84a989d60bb7d2c160e255d08cc36ce8c58c00281cf6ef2fa4466b509c87da626e857f9582d69b7736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
48976296ef2547325c4738dbe0a5122b

SHA1
4785fd86fc1443cc94bfeada43f18f945c0179f8

SHA256
45f1e3895c141ee9b285aee6cc4138724264ffa322660cf13fe093f2d9b2933d

SHA512
9c9f4deadbb517a19d0e7f0d43e9c0f1da5af40333f4d9f9e44f08f367fac51a6fd7f0d99a14d35c86d18a1672f0d386d5eb6e9977f617f89499c6c7de220b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
e6f5c49e81ed7513b3ffa24cb5bdf160

SHA1
5f1a9eaa09be1e05af2b4efceb3f5130f69f2893

SHA256
d56554e3d25f4d45d2657b5871447a61bd00a93817858e9f4b43eecba795e730

SHA512
dcf94c44d44c8f034ea69820c7c718a4e28a03c59b8ce6b614eb1b3b370988b29621414a4f6838144665142f30cb881dcc052732ff5ace5d7ac8b22efc1ab820

Download Submit