14c810ac1f2a73be3b565f43d65e3576c42d750b4d6d15f9e6208c3250dfda0d

Analysis

max time kernel
101s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

undetek-v6.9.6.9.1.zip
Size

47KB
MD5

f77c2500cfe91a88ec796fa23137ca30
SHA1

ac53c5e6af706b6513b1f9e67cec630780be12bb
SHA256

14c810ac1f2a73be3b565f43d65e3576c42d750b4d6d15f9e6208c3250dfda0d
SHA512

cf8d96abd3d41cbd7f63dc5d678594877f84e1d428cdc6724cc59aec16d15d44e345a3baa7b2feeed46c1d54979eaccec18dc46097531fd349d83c4f653d247e
SSDEEP

768:Bnt2qbsN8X7T9Oqk1mMagu2yMwVq8chvHo7L7RGG2OtzL7vX3v29kOCQqJT2N2Mn:BntZsWX7pOqkQGu27wPW/o7PRGXWn31I

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3976	cs2.exe
3080	csgo.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	undetek-v6.9.6.9.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	undetek-v6.9.6.9.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cs2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	undetek-v6.9.6.9.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csgo.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708023156396323"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{A33A4F1D-7073-4813-9F4C-83F0AD0CF9BD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
2528	undetek-v6.9.6.9.1.exe
2528	undetek-v6.9.6.9.1.exe
2356	undetek-v6.9.6.9.1.exe
2356	undetek-v6.9.6.9.1.exe
1176	undetek-v6.9.6.9.1.exe
1176	undetek-v6.9.6.9.1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3408 wrote to memory of 4008	3408	chrome.exe	105
PID 3408 wrote to memory of 4008	3408	chrome.exe	105
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 4448	3408	chrome.exe	106
PID 3408 wrote to memory of 3236	3408	chrome.exe	107
PID 3408 wrote to memory of 3236	3408	chrome.exe	107
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108
PID 3408 wrote to memory of 1592	3408	chrome.exe	108

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\undetek-v6.9.6.9.1.zip
1⤵
PID:3012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1512

C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe
"C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb663bcc40,0x7ffb663bcc4c,0x7ffb663bcc58
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2492,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4524,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3444,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5008,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5012,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5220,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5360,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,2764960519976615662,738359285263711380,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3232

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2188

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:5088
- C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\cs2.exe
  cs2.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3976
- C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\csgo.exe
  csgo.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3080

C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe
"C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2356

C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe
"C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\undetek-v6.9.6.9.1.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3eba883a2ca9aa0321304e4690168aed

SHA1
0608215e0b232a25d21a9f4d5ffe11ebdc136f4d

SHA256
11d328054620456bb199bde4fe133e9ec744a06252b125254f1dacc1dfa7dba1

SHA512
ae7ea7cd7616ed33b7c3689be1245952f64f3ed46c7c64f27fcdec93b0c68bc9e73ed1a130e0b9f363ae8969059a82e355f3d2a5aeb2422487fe636b2e50bc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
16KB

MD5
03b1cfaa7d36337d472a96c4375e612d

SHA1
11dc55047e35bf5de4cd9355d63dfb260134fc8c

SHA256
ee0a54330955c4516f7f57f9cd56eee28900863f7de6598458bd88866b7e40ca

SHA512
7d7750b8622f0a6c3c9cabc582956602c531ff8568f18ea088d267454cf25a0dbbb1f5a43215fec995e9aeaa379976fe044d3ea3234db56a7ab4a5444273a437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
29KB

MD5
307cc9c90b07960982452fd122fa89ca

SHA1
d3f42e1a37b7a5e959c39a58d2a0a0e052b49961

SHA256
c6d11eb819da4a0881a7a97e06c203056dad988b7e2b7408c937956a1e454718

SHA512
ab10518151cbda16a00281e1788421e3755c252feec398ed68311cb7d72d9d2b7cb199b542d108c396212d01d194aba61de8626e4f8208421ab5dd9926ef8b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
60377f890bd1f74765bcca029d0c1403

SHA1
24b5b7f2087307dd7e9b1091d3c6b05648ffc68e

SHA256
b2caea6f4e57b225fe84096e3217d06ac8a4342eee24b3843bd1f16bbbd4d2bb

SHA512
8b2c002446f758d7f8d9975f1ee1b61fc849f2518da13259cc7fabdcbd77f59172bf0c04d2749feb5677758a0c75977b097307041f11ddc34a6a2b7dcd041788

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
943a255d27cfc2e1d42b71789030d64e

SHA1
17969dd517e8dc4d440c493656d1c175d7607f58

SHA256
44a9409ac05639e1e4cb553248c78cd88433d73a1178398fe8c75ad6a235a9a0

SHA512
07b26847cf48a74aaeb9d9ee0f5d550edcf8fd6d7e2afc43d18b2986aae116c74b27ff5137aedf3f658dd26acbcdc11c8b1dd174390b57d7eac0574d3125af12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_undetek.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
31dc08642300ef598b4ca8519af2c161

SHA1
bad2cc13341e6d34d5e49c7fe2189754b2537b39

SHA256
bede66d56eeb76b2aa8f5513c94903d00740ddaebbf78a903a3e7fe02fdba8b7

SHA512
bc15d2db841c474cffc704247b1a1b911c0f73f0a49901bf71d8f5139b1a6cc91f4ae043efe5f35c8b4e63f49b9fe2c423644f4a0949817f2c9ee43182dcb69c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
61d2c5c09f9fd2cd1eaad2cf3d892bf6

SHA1
b6cd9ade9ed811ced3079a89f1c12729789ee394

SHA256
5f99d76d6e2b1e15ebb3132ed66651a92f48bbd1c77e8401f8c3f60348315921

SHA512
6aedb86aafe6bfc5a671bc2b86a6e5b415cb76046e2def5b0babf5a8a35dda7fcf8e2ef55af408a0c868859d067e3d61becd3a95177a54f3a027c48ca8eb8ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
447cd3d7d22fbc252c3686fcb7b0779e

SHA1
07070c58666a23b2c8fc47a5f58ab6b007351e37

SHA256
cfa07e7e1d2f460c6f7b577d559cb5931a63663b614db1052c2fdcd0f305bc5e

SHA512
9f0ade394731c65740d988bfacde94e6215bb77854d84dbdeca0eea3f48216f9bd20f28ee21511492bd5d7bd1d50be5c2f929409e0000a59b3458c558de37c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a4e2ada09bfafed6f2991c902ceda1e1

SHA1
59dea303ad8571d6029a08c98e44d82c6fc8caec

SHA256
3654c0202ddcf891f4d16589d1af11881d7f5027f14f6bfe871bdb138e55a76c

SHA512
14b701e2a030f4a7af2dfe66a84db46719fae0956a629270694509f79891860c16cf9f0debb8b709c89c94f68f7e23ed50affa3b928f372f2339e74d360ed15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e3fa7175509907996cc2861c2fd7b4b7

SHA1
20475eae01faf0d1ca5ae6988be244d310d0f2f3

SHA256
02610424d4c7d7b8abda1e8bb16bdff0193bca6c3375d363e5fa44d1e63af6b2

SHA512
9f0af6b75e314113d21db65074b9ae2d7a1da39f866da1626ecf756cb83fe83c0a210ebd38abe93f879d44ecfcc1745dd4fe6026786ff4ffa0c42ad261a9f485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
997e759b906d99c8f19001b288b2888b

SHA1
89ca7a92e582f2d762dc0ac59d88e660e9d58c23

SHA256
43ea11714ed5cda0266556bb46f9ba376c366b23467ae946ea5482185d99658a

SHA512
ba59f9d2aa694558b39eaad7a8dbda3f7f35054a6d0e3594ff63a074f9650539033ba0b1d66c49146cdaef048b3ff216820ba6a5d42cba94028da6caa66a46d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
79ececb16cb677514d898aa69d952fa1

SHA1
7e85a0f1b6cbd360be1085b258e77c20186e7776

SHA256
ca9ae8a4351466d153041affd72a89895555e9e3262e4e34ddcb4eed42bff538

SHA512
901890434bd9a4b3cdaff26166a46d485bf8f9c50db52a37550256f3bb0c381b8a9c7a58136289b019a65c213a3c6f3c8f640ee41c764b988acaa183dcc101be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
031f3b2041b5f9de0a06c0af19cc55fa

SHA1
bf3cb7cb3b78e96f60dfaf64afed34ea5706c1b0

SHA256
597fd8516c70a36bacb16dff1b07895679fb307dbe1dcc80dc47ff8cd098b8cf

SHA512
a291a7fe7c8973002324f97c894d374883d7398d6aa1af900698381678e615d3d4896acd0896f2c265079da956cdee84fb27620ef20707cb3820730462d1a73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
9b5dc7db5ccd978283a80b5f0a68627a

SHA1
5ac4f7db035bbf6b0285acc1c52722abd1cdda40

SHA256
bd483c57ce3a40c0234aed6ce709b1c2a1a3c4fb2591595afd0da9be6fbddb9d

SHA512
0bfc7dee0108524f2ada68cab8c4f1e23c7973464dd02e8130f66693d45abf015da43be6dee260f0840d9a7f9b9494d8b1ae66ff1c62821d38c702aa025fbd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
d6842581c3ab98d612086bb68c49c247

SHA1
9649e9bb489c77665ecb4c115edd8b78210dc5ff

SHA256
68b70dd22e09bac262218bff3cf6b335a98386e443c18884c57af7749495018e

SHA512
99dad568d5cc6a4bbfebbc8953e7ab989fcc16ae4f17a94395d1f378a79eae4cb0dc90a513023fb16ac130caf5631293342be8770c10d4b454e00164a3a50b71

Download Submit
C:\Users\Admin\Desktop\undetek-v6.9.6.9.1\cs2.exe

Filesize
231KB

MD5
d0fce3afa6aa1d58ce9fa336cc2b675b

SHA1
4048488de6ba4bfef9edf103755519f1f762668f

SHA256
4d89fc34d5f0f9babd022271c585a9477bf41e834e46b991deaa0530fdb25e22

SHA512
80e127ef81752cd50f9ea2d662dc4d3bf8db8d29680e75fa5fc406ca22cafa5c4d89ef2eac65b486413d3cdd57a2c12a1cb75f65d1e312a717d262265736d1c2

Download Submit