hxxps://openbuxy[.]com

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://openbuxy.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247808039687566"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
4688	chrome.exe
4688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: 33	2564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2564	AUDIODG.EXE
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 3264	3716	chrome.exe	85
PID 3716 wrote to memory of 3264	3716	chrome.exe	85
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 1344	3716	chrome.exe	86
PID 3716 wrote to memory of 224	3716	chrome.exe	87
PID 3716 wrote to memory of 224	3716	chrome.exe	87
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88
PID 3716 wrote to memory of 2568	3716	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://openbuxy.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8b389758,0x7ffd8b389768,0x7ffd8b389778
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4604 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1152 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3492 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5888 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5088 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6052 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5664 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5364 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3924 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5664 --field-trial-handle=1776,i,14943122039493203079,2958003483021405370,131072 /prefetch:1
  2⤵
  PID:3800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b4 0x3b8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d4acaafa70d98ec0b1d2850baecf7418

SHA1
517689681f489edb518a4657a750eba8ce868008

SHA256
dfe1bfd667ca39fda15aa6d30b0ab5e017fecb48bc86a903e8a38c1b4e6e39a7

SHA512
3c28b4b79f58b44804700d3c77e298760bd3630f508e6f359da4be1395c9ea4c9c35b5fc169d4ae795e22d4eea21c6cc166bc8dc3d9dd5d8dfd635e7495b7b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9eba2f9d39d52495d8c213a3e1dc6f78

SHA1
b1f466b2e5c9d463f286f7f9b91b2443a3056962

SHA256
40a7145789c4439a53c85fb8749a732bd634762db64612718c59b7c23a868988

SHA512
744cae19a15bd0d58b1826533bb3739f27ac09f9b24a7ff5c4ccc8c943f05ed71f0c896770a6dd81e1ef405bb2eca082acccc5085d924d2592b54d643a9f2d06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d1d5448b319e6b72c10ddf6824d20470

SHA1
7540594996411379a399576d389975b88df1c2c6

SHA256
568a9d7f0f57e41dd8baafd58a96ac884476008e5887bc83736d6d39aa4c5940

SHA512
1c1edbd2823221084918a3fb0fda50fddd2af0df936d159a15e807c85d1b30595a462a8f44ae63772193ea65980efb5f127d7d43445b38a958b51ad2b6f1bf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5c1aa9c941887cdacd7775d3078934c1

SHA1
ce8b3990e620b70728a762262ea3b964c1f00f45

SHA256
6f32171d00eb250ee569f221f454690c45617768e48ff00c6acd56972b25f93e

SHA512
6de47b580d2eca3d031c4afc92e969d99a143a552336e24ce5036889b69ec8d1378e6b165aa4834012b5d9570494cf402b43ed28437ea8922c17ef07b6c0ec12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
883bf75ea5f9cd2cc1a222250a37d92b

SHA1
35cc37101b5bd95e1fa07febb21733d84fd4da4e

SHA256
e2dfbd5bdc400fab3246ea675f88ce00bb220f27e884c242520216863a0995ef

SHA512
af838f04f637be177df9a57d9c79f2336e93204ba3dfc868925a12ab1d6fea853c98805340cbaea54c8f1e778b4e4f7672bd8c3e449b2d67c63347031045ec5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
26725c9c7f178a9544a59ec1c282f894

SHA1
4d5fb5e36b4e9fb5621c44de44dd54c66272be8e

SHA256
9ba6510b84df8c75563667c278c97c59db97f15abc78b6a5fe15160838ee702c

SHA512
5fd3d11f642eea67fdf41b332941310037ce339614a5d0afcda2ddd160f35d88c83be3f427fcc237f2de2140bbf73e5885ac3f08c5ac259261056600359f1f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3ea9c31f5b05073d5fccc37009492bc7

SHA1
429a43232a3758f0c92a36b64c3d3d0bdaa4ed4f

SHA256
ef9273f8bcac9e2a26331d850b2b05cdf0ca0044cff8e80085a9a95ed952326b

SHA512
37f0177284daafd521bc737f1fde61e8bdb386e1cbe69b884808212e14c453f522aede8a0233461df6d5c6c15a3eeb40dea12ff24fb40bbe3081a1abe19aef72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fedf4786918d16fda10c8ee87deae58

SHA1
221b546422ae4a9cb4bb1d8e71a25a4c74224668

SHA256
08cd686934d2b43ec3cb422d7196f0a7f65a5b572420b6c53e449f612870fc6c

SHA512
463cc745cd8740ce5fc560f6145db4cc6bc435f1214b1a2657d812072f030c2434895896aa0074473910cf819777db13a67156ec39e14d2c24a073219cd6b9e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4ce13b6712727684e9640262793f5f65

SHA1
6a3af427d5a3b87bc34538cc6a9ddf546df4bf00

SHA256
f74013c1e5e62dc420088ec20124820142ef0e971dc1ed9541b041b055d7022a

SHA512
566e28da8c5c16fa709907ac8829b90838d4281db7cfa1821f1a4c12af35a6a294e4892326487ff78f54f40981ed7e1c28bb0520f4e69cf82360be2d98b8ab63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b5975107faace1d3c5684e6fd949c980

SHA1
57febacae9d5d3a36c08f9598ef69ffb90068f2c

SHA256
d742ea0b344949b6f0e34dd4bac2288fba956d895981a50432a6250cc1755852

SHA512
98a79c0f59469f0d446a267a8735ab93b216de31892fc56893f8fb9700b783c534c2becc366f91932497cb1ff0da3efd7cb2fcb847a755eccc71a66d824a5b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6da8708a6a2666a13b0d081d19f3279b

SHA1
bb1e165f217779ae82ba49ebfacff715f57bc9ab

SHA256
d8cda44464d26eb7b55c2deed5732b7c92ed77be3333ca025a1934a153c828aa

SHA512
30835da2d95446a0da99e0bb202a938caac31c57ecd3adafa8211a55c7e0d10c0664705fbca8b4ffc9146fc30ac899ba050403e26ae8c7adb2034e48d8c63df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5a591776184761342135ba3c44b6e4a8

SHA1
03f66cfaf87702fc8540496e7ab31a32de777640

SHA256
9a08f5fc35b29856a4950ce0b5652b541c996a5f9b59b9d45375d0394ff19620

SHA512
21c4199f61f96c2a4c20c86ff7c502222b0207f455bbb19cb8346e45d8ac524f55082fa734439d9a81a1ef319d082b13d48b641f0204417a4e1f0ec341e94fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
007c5f4f7a95b201378e7d66cda58a52

SHA1
2cccba109471d775668b880b7a4a49b1d5abf041

SHA256
01b016ede2f64db248a509f507be8f2acc9c0278dda1f15354e0573c4c7db7b7

SHA512
34e21776fbb153f1ae1420f190ee1d731ba4b6212c0513700efb84e398eabd8402ae577764ddae06185a2b2ec0c91876df424d3d2ef9b43b2da579fc13655b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
970a04fe60c46f08326701f9edd1f2fd

SHA1
d3141122148c96f4ce60bfade3dda10b06c94aa1

SHA256
1c1bd43bcd4314dc47e200f48303ddada75bb9143c900eac2eba86f38d3da184

SHA512
f632fad4f6e27ad7a77dc5c2a374b55d2b7ce99f9589a79785aa84be17d8bc6e6fde4e8522102132270da953d5291e77d26f410e918097157deb766e0cbc47de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ef7e13ab7f385e5984929d521b9843d

SHA1
db9e3c58cb2e676be5285018527b4a7723cdea7f

SHA256
f8bc08c73e89d68f15a8a0dafeb08a0aa93b350ca178c5bc26aa0f5c753fd5c2

SHA512
f7ff69034f4cd2ca1a7ad3d4c493d26becac95d33da6ab917b4da70157c73e2c2f013f716f6e58094cb67fe3ccf6aac7dcaf7692bf3b0ad31908c47e62c1f910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
65eeb0f6dd83f82820c398c1bd2a441f

SHA1
e5a59607642ad89c8b7ec92431d0cfb4304e5eeb

SHA256
a4326c03e521a09b58b92bbb11bf4196b001e28d90057406df319d7e93b46c16

SHA512
80e378f993fe439bdab9f751cf04378d30a32a5d17b30fd9087931b1a29ee4c58699f26f6495680c47c4dd1cb30cc43cba47f79fbbb4dfe15ec5529d69a9b31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe588a3a.TMP

Filesize
120B

MD5
23b2ed1d027c346a367cd8299ea72f6d

SHA1
e8586fb61a18bf35e6645a2d2db1307e71bbd774

SHA256
f97cc1c7dfe76a837f5ed3eb8a4e437c595c94c60d090390f2fd957bdda6f2cc

SHA512
e8faeb6cff3f0ba71668b93790552b3ea2bc7e6b794c2d128d6ca3fc0941d3f86384b02eebc38a91d434acca7d03b176912750cace9165fb6e2b97bac4199dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
16f14f603afa0cd79b250963fdbc57a0

SHA1
4e09091de18c4b460bdbac01d6b31bbaea5ea753

SHA256
1ceb962f151b563b3a1ef68b2f6f987f32ce478a6af5d5bd98d821ebaa520732

SHA512
19dad715bcf7d97c60cd09a16f1a14cb0f75f41f18f01479b70cde2ac632ab6878fabfd90b25a03b0b63c1d22692c41888b2962c74f0e9f32276e715d78b705b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
712320c2e40f6b1fb3a55085e1636065

SHA1
657806ae6632b3e7006b4d3c8e67db05981c605a

SHA256
7aee1e3e0c904dd162f2e53918690333912667f9ceb943beda1b605873f4488c

SHA512
6cc470bced2c9e7775fc1c8b6aa10aa94ac4f6e56600abe3b913b21ac944597a543a192afef4ddf85d36a9dc968d554686bd717ff910677b01b3dedf7b4bb4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
569c079cde10298e91a4115cdbc8581c

SHA1
2063b35a65a4950d80fc7701a1b986b358a95a78

SHA256
839e4e5833ec42e2a55c57bdd6519523f040ca9677f85a56132f03202179bec9

SHA512
9c78f9370c45679d1a6bb909bcaf0e6947736c24a3ab645ffb8a2e53dc598306040cae20ca6ed6a87c24285eaf0690b0f275a9c6114b4163f75f895ca56269da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
da22c44d0dee47d3cedca3fa87736c6d

SHA1
b801b9de1ecd4335e598b2d0d4d4d8511665eaf3

SHA256
6a7e7862f765d235a52448dc61868c18c091b0e9af22cd3aa81d161ee3ff46ac

SHA512
08ff802630948d03db11c9908851814d5dc66ed294cc54f55ea059232ead52289b879cce375e1eef70b9a45700b8e11e1bbbbd83cd75d7080113717da1f6a410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
4920ce085a71f295c40f408751b7aa1b

SHA1
44f1ad6d434ff93dfd9ff84dc338074e4e1dbb42

SHA256
00821c35d41b88a1e7d224234ea2956aa18ef8f0678825cfcfa5b8176dccc67a

SHA512
580790536e28b475098651f86d3a91431286cb56c8e33ed1f5f85c37e9176290cd75b5c75d65f0956bdc26d706618fa4a64964b756a93399716ec16097549aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
656a64a0665927d215dd84f880a016fe

SHA1
beecb241010ec4c31a1fc964f0bd763434cf2f27

SHA256
2447d8f054609ce301557629cb6e45791241f49fcfb4d0f0fd3a6345add46af4

SHA512
0e92dd52a4854c3ded54e48653c724e9982fc6039f7bd537ac5b185dffe68edc91bb1f6a9d68a7adcda42251efedac5022f87120f38ad2fb0b351ba98313b81c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583d23.TMP

Filesize
101KB

MD5
408366f291c3320ed8ee86ea228a7fda

SHA1
6fb842f196a5745dd3a7a74150410022d2b7a879

SHA256
c1be58c896dda99000370c13f6685be75b39b84c2cb208e8295cd50b39521ba6

SHA512
395caafb80b96e30e20f3966b9964b8b30859cf2fa68d77907767046c598381050e77d90e44ae99831b2c51019b6133c0373fe4dde454b5b7c5378653389cb6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eed58096-1269-4ad6-a1b2-32a510e00b6b.tmp

Filesize
173KB

MD5
854d1e16cb9df6306582673d3aeb5a74

SHA1
84ba2cf2d502b3a1c2a104e5b014c570b81d0022

SHA256
8aad9504ed82711227c9f725a5d1cb21e52a7f0559711155b6652f190726eedf

SHA512
38d7117967b229ddc0ee08b6eec834e4f0bcb9553e0affb07348b2910b16fdb1fc812d55ad027da5b6dd5df2bc9811c010e93abb321da67ec14e671ce642ee06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
a2eedaf02cbf0c5c0643a9d6ff2e971e

SHA1
8629307e952c1a7966ee18e0d2d229184e18d903

SHA256
33eb30f6aa64474f7ad9bb7e008f0bf474cdf2201acaad3284e7118fce4a6986

SHA512
fa27bffa932b742dd48e1de6d3ec9f4536da83b156b0d9793b3a092d636db08c57a16d15e579cfc8f75c5d908dc91808e4e5a66803b43a32c59c0a191c1cf9fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
96b9723ffa394e31f61a7124ead66350

SHA1
e3bd0a421a029e7986b21b40e4654d2f1a06f9a2

SHA256
4373b7a575983d11eb1a2a904910d182792779b5a80d5b1be96efb2146e3ebca

SHA512
814db9ffcddc1dd71aa86272d7f11ec8ce770c0517ef08398172cd260359cefa8518185e6174f235a4e28a271329c7bbc06157dd2d5b949004bd20fa02f2fb2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
e30566c9070ccccd5282fb9e114619b5

SHA1
5ed0b6e66c8a67b1fdb0d2ee3a84cb496d6660fe

SHA256
ec3874fcfc81b046919578b7f783c8ec5233e30252ec6301d0f50d15b2c39d1f

SHA512
f9e7ce4850b015127a40e605f9537c4f441f10e3e9778e3675cb88243b434f29c968b63a208197a3bd931b9bd4515524ddb3e394464d10a4de12aa4ba0f2af65

Download Submit