hxxps://github[.]com/GalaxySwapperOfficial/Galaxy-Swapper-v2

Analysis

max time kernel
161s
max time network
163s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11/08/2024, 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/GalaxySwapperOfficial/Galaxy-Swapper-v2

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/files/0x000700000002a843-405.dat	net_reactor

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	camo.githubusercontent.com
15	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678300862304702"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: 33	1044	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1044	AUDIODG.EXE
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe
Token: SeShutdownPrivilege	4484	chrome.exe
Token: SeCreatePagefilePrivilege	4484	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe
4484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 4080	4484	chrome.exe	81
PID 4484 wrote to memory of 4080	4484	chrome.exe	81
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 3136	4484	chrome.exe	83
PID 4484 wrote to memory of 2792	4484	chrome.exe	84
PID 4484 wrote to memory of 2792	4484	chrome.exe	84
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85
PID 4484 wrote to memory of 1752	4484	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/GalaxySwapperOfficial/Galaxy-Swapper-v2
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdabbcc40,0x7ffbdabbcc4c,0x7ffbdabbcc58
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3048,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4480,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4616,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5012,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4612,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3780,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5124,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5600,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5348,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3324,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=964,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4780,i,2399691817503691247,7960962561113068235,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4368

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1376

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
635285a7a82fbae082f3adb7e80c0e6b

SHA1
a724eeead9b714a64413a89ac5c07eb0aed19b13

SHA256
289ea37df2d8d2c91036927f04527327592f5e3f36e4770d31dc654e7076dbd0

SHA512
c21642736b8b3e1935e829a5f86d50e5d90fcb070e7a47904ba7277f3dad28f4e3329d14a3cf5c93f3d18068f23224983b290d5ae70bc80b2fdc7685cb51051c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
814KB

MD5
806362114d87fc089194ebda01b353ff

SHA1
de37cffdc0b1e3081b91c39d30fb7d9672fce8ea

SHA256
0f1ab4bc37ea6b9e7da9572e24ae301f70ef64f0f5f8fa45a41352e5e8720e03

SHA512
a3ea2c8013920aeccc7346fd9c0c4db1ecaf35c11ac41ba49d2e9270ff6045c1d52177ee4dac89e2e5f8edc97b10a775a584bcabe346fdb671f2a2affdc9d938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
1024KB

MD5
88ae376349a1a947e8d5c0639248cb8d

SHA1
51fea68e0a4b26d93c37d1b58ecf4db157f25172

SHA256
6d047bce433a95b01771aeceebed8838bc310622b558a011885b9412601e3750

SHA512
94d8ac823c623dba15ae1df4ea299e456a0dd9617d52e8735a6a1605b641f44d7b5357e7f24c80986bd5af42547d3e31eb39c8d2613f92886673818b3c154cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1024KB

MD5
9927c9f03f688a4c600941b4475ecd09

SHA1
1ced96bf828167d9b324e520186ed3fbab70eea8

SHA256
9852105cb8608d1af83cdcbbf84c318cf6844a062024a644d50d590bb7bc41a1

SHA512
3345cf4fde6c32340db0a33fa297effa06413ad759592cb64909cf1b415983f8c71cc4afe1977a79a7f6e51347189a42375cc7751c249d8c8d3d6faeba922e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4c24b650a370ced6308d9a0b79973751

SHA1
350649deedde52d40405883a341d9fc95bf2230e

SHA256
5874605cb7aacaac972b399a97b78c8415b616c6d7ce2ea4dacd05779ca095d7

SHA512
98a20f70fdcb30425fad31d91a93e16c3c8d5dcc59ab3aa5f51e32139a67ad6ba6a176a91b3138240f8537118cde9eebd50af43b246b2f0fe998ae8eaf113405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9de5279d0990b9eb2cb364065b322b37

SHA1
99145fa75f8d662ff84f138281c30cbd72214523

SHA256
f677378d0ca0e4c6f268e0ad9a45e91f581902b18ba0ad46cfeb6a930842b9a6

SHA512
8bf8eed92bdd7cd430188f8f08efe27c92ccb34bc975c5cd48051a14d31043e720f2d06e3415618a594cafaefcfe668a727daedf851491df0430973b876b6b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
49660eae35001ff1be5a6f02b0c03cbf

SHA1
128c0113a0f249c5b0f301e1e6d0925245f4fb37

SHA256
2a50bd9de2d699587d5354e84ad4de492156d59f91e77fd1f6f61cc253c2c19f

SHA512
48f21df7e1178a699950540c7281aecd904bdcf5551e2f37294937d503329cc1941c14495bee85ee01da79c5e0a5e77f1ea4ed4da2d8408093014a54c894cd28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4e9c9c6c15ed03a41cf747544e934aa9

SHA1
c28bb68b2fd03429a37f174da61c755c9a6b1fac

SHA256
f278968c401cca9f87b8a9ab2dd731bdb136c317f1ffef56992dab417cee85a2

SHA512
cf2a0b45ad74c8a94fdc3f0f725a1d591da0ffd7f3e4c961a75f9efd3c0a2821301ed4c46244619f5b8baa4ef77aec1d125ecec916f6d542e02e0aa8d4058b06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
750ae5395a3dfe3277509a55c1fe2062

SHA1
2362c24d83a62c8eeafdc2310cec5f38ff973172

SHA256
175d4e5a46b9a5fdc1e719f86edb9c4cf825d5235e2a6d57120a564d624dd3d8

SHA512
066ba484a48f609a2ba0b1c4ff854793d1abe95d8a09276df49c9fcaa32b15afa928538f16c49d57ddaab327cf64d6c3a6233064b184d95f51df54b018e914c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e2ec177c7a9b71334871a094b1560d49

SHA1
e9ab55161cf8c105cd4b37053afc94e1ce24cdae

SHA256
1892a1f5a6c79e3a0644caa5517d44ed97abc11ce02b1a027d4cf2d0d417e965

SHA512
fca51f08ef11df711462219bb61ffddcb53e230d3f9b48b20dfd675852ad25774f0c4e808dbe2d643960453c70735604838d56b6f3223af46ecb385e281fc603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06805e51c8d9e26aa8bc6d4c20e570fa

SHA1
4e8469c504fbb650bc251d62b539a6d2ee7401c1

SHA256
dd487e64cbf8bb9b891455f3991979d7564241c196e3fdeb61a885daa8e76788

SHA512
19275001fe9a778a5af0f39ef8497f6af44b2428e264450f92843ec99859bdedbe372c8c9f7ea6d58264d01137875b9f0475be9575ac7cf01a0823d912b7b162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6e757a636e9d1c4780246c1d85d0fa5b

SHA1
3ec143b457afdc8323c3f84e182e96ec75137900

SHA256
55044ec1fac64cd4e17f893b9f9ad8b58f549a6930532637e34a8a8aa71ea036

SHA512
28644f1add451eb7a4c396f242be1f3da159b2036d07f79d7ce4586df2b8c721cab1e87f240eff952e1047a8b54a6c7595238f4818ccd031ddae888c8000ede8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f3e87ed0510e42cc3a206837295471f1

SHA1
f222044215a1e8ae4e9081d53cbfffa2034d5bcd

SHA256
260e2c66acab1e68134f2fd2c7b540c375236608f7370df9303b4a0193bdae68

SHA512
353bacaede5ce0e4ca1741c03f90730bdda7506df8fb936650581a2f12818deb451251e103fd817a9945d60706057692a106e9cc95f4990dea1ef6704a6aaaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2d18af3f98a14aec8f0c44585bae080f

SHA1
2127043889d29a612207359882ac08603ea445ab

SHA256
456503c9708e2feed3f98771e8eccc141d3b88e6ad0003d2c0fdaf0a8237972e

SHA512
d9269e9543f0d60b12ff4cba9813c83cfdb39a15d26bf598b7ddbfaa54f7ba3a62d61c5cc8c740ac1fe3c62ecb7e17df0ea297cd9c087cab16c9de8f5f6a01f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
197e53f2a936fb97882451be8707a1a3

SHA1
4b33742ec3118e892c2b723a3ac2bf8a37245128

SHA256
6f4624aa6e647b18dfc3e561fd78654b32c8b51b0f8271b93bb3aef531c2b302

SHA512
d801dc333f8a58a8b6f230d4d89f196d8f724064c136f1b77fe8952f52764ee1fec06f0cc523859eeca289c6e522cc8c08e591b9908102e98b80196338c2642e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e442d3f63f3c318b13850d86caa68d6e

SHA1
742305bd8d1744ef4c6e95cc6db0b210a39a3d1d

SHA256
85eb6a8df8aa38606d047ffca39242bb87bf474226cdd5788a94f4007b44143d

SHA512
62571273e6a6153db60032250d7ad5ff9b9848205fa4f16df53f293ee007bcc09640543ab11aec13d51f5a622b809b6d13cd070d448195834ba068da64bf877b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b700d43a68a6755e3e42b28e475d923a

SHA1
7aafc49c74bb90ed6621139cec6009beb5c31c4f

SHA256
f4d721f3d5ac3df32d077f82ae89f15e93edd5c45c7a5f15542c8b6df064b46e

SHA512
13d32cc4597c7d7dfb78833768e5658bb8001d185e4e1b273d65fc782af79aa2f70cc4073af4580659b429d8931ba65c33e338bc0c2c2b6fd6fe08c25bf64b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b70b5490dac68f496cf3e7f07abc8c08

SHA1
66799d927aff751734727763b1fa60eb7dacddb6

SHA256
3389f5d3d063fd8622c7a6a913eacadf14639bba0d9b4e8a34f543f9c1f043da

SHA512
6571724b8b024a90fc4e11761f00f62e7da128920274035722823169abc00b0b1538d7f0555e41a50e006187be997e4f658511530a1a9908dc1c1dbad9fbe664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f097ae59098905bced64e31c13e4c029

SHA1
f85983efced2ee21b7f6a4667dfeb16b4c12c658

SHA256
b769a6f721df8eb925a5ca2d579ef8278f947939ed62c61cbd1367640794b17b

SHA512
b048fa2bd39b452d641d5f130a9fc177ade115673344771132ed0a054eaaf6e85bc708fee822657abc77f6ab2c458fdce4e88f603b953205cb1c0ea4bd7f05dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4298bb9b80599eff44acb4cde55f7183

SHA1
2ddec167a226ba562878baf68d8a7ef6f8ae49f0

SHA256
56d1f8bc34f00555411d150c4aa3c6c1d45dc59767ed1f0a64a164ba925c0111

SHA512
7eab5e8555f1d96461ad88f7a2a117e797b79448c055e27eb78aa8c30d6a221de2881d35141f631ec34e7dd9fc898e355dc7b6124f5d3e0fbe2bfdd0b8ba89fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
eb58fc020f1d727b49fc12a572864568

SHA1
d4c319408bdeafc6cfd1f480dcf055ca366cf4c1

SHA256
891d4165867627ccf3010e77c9a32a5494e6a35f9b4c08144e98dab1f58e73eb

SHA512
73f70a690525b5557547d223c7175b92370a776a899438352c844219eb8b08246b4e91c29a1d7c44136a3a4ebaa11c3bf054854cd6c9aaa96d3663a704e4c611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
23702f450569957b606444b6c8839fe6

SHA1
17e8be205a459e505375e776a853b0e49d63fb84

SHA256
d0719c261d019e2ca69bc03157a98ab6719e5fbc2f8c139fd5438c4a70d011de

SHA512
0d041f2fa2d0bfe7d315d66fec5b58af1b7cbf60262702317abafcfd22a61f649f95a6755e61da40dfccee4324a2eb3eaba09579509b60eae7ffd42038dd2945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c9a26d8d6a6379b4f1f2e7fa8a1a7092

SHA1
a7d804437d8db86659797719c160da66f2b56c9a

SHA256
2bbe1d69242255a7908827c55ea900f400e8da684818c8bb9cb1cf60312f9cb2

SHA512
f7c0ccc3660b0bb78bfeead67305f0cb3858543de98e8b9863cb2b2a116fbaa0e95bac22583102a2bbd30f139b2028808565f507c17c5ed392bfa20da3c146f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a4645c09bf13fd9f67c14ff1bf053c1e

SHA1
4a3658a7ab1bb472095c26137ac713e7f1b96c5d

SHA256
eda91a31f5be202cf9d507fdc207f6f82bd84a13a35d8a42000a03f2ece9c117

SHA512
80d6c0c06a4b1b92f8ac8df707c360309a7ee4a339a6afe4536ac1755dab3f35cb89f3e105f8d39ca3d696111a2a68fe4dc4a2355cbc3f911f73b961d7c5cbf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
885cc9973b2738d57765a87c5dc3eed2

SHA1
a9dd765e69e638c1c7377da6abbe63b1fe5b9101

SHA256
11572a3e945e36fd663cd9e4df102f6b6858a05f06c5a3302df874a6cd58645b

SHA512
9f26e914c8610405efc07a69031e6fd6fe36833bbaad99dcf42fc5a4c9e8c9fc2b8fc5b7b81b200ec5382fe8d70993acefcb766b48e8ed1a8e04b2d870fc209c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bfac315788f0bf92bcb74cc972c73b72

SHA1
1160d3450e9a6de76021b0513574697ec3d6d2e7

SHA256
63a40416c7c77985702d0a67947ad88f87faeba668969a98fea0a829a6e8e505

SHA512
6b4201ebddfac6cdf5c021f207909c8278ba1ab859b79e560222334b7f5681bd4e7454941bd78c5af0543fe7c4bbf0a86d04e9ec3074b6ab3fb08d24c1632140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
7dfd3f162963a365e38b5b92d7310e4e

SHA1
02d1cc2e5319c356654f1151a212fce6be9e2eba

SHA256
85fd9b0578d88018b4e7e63999d3ecd0f58cefde2b575cfaebcee8d6abaad418

SHA512
de4df0438676d2926832e3f72421aa4d2a7cb9e1935502ee111576091bbb67a1525b5d3f603b4242b976e368fa87c9b7c009edcb3c2ea2a03a5bc772d38414df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1d9f3c7e854afb9ba449a13d4cafe2f7

SHA1
312877fe3b462bed83de2d415ed17929f5c20058

SHA256
4851eef7e60a52b7891335dd53485110640ec50c41f65d9cd73a93c1880e0f9c

SHA512
7286ec9a2653b68ea744b3ea0d3952111bb394062a69b666ff91bab2847b0fa104dfe81d9aac8edbc4958fcff294776759463229d7b0c807f7bbbda19181ffb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
521bbf9558c7639d56e6ce1b450b4a05

SHA1
df4c76d1abba0631c3a670681dd7c7fd82f2cf56

SHA256
677e4e1ac0a9af3a206b3bc9de83ed4659ac73054ada196ba92ffae94c8820d1

SHA512
527d153aac384425fa857e23bfebeb484a033246ce13eddcdb0af2f9739134d73e645af0b1c01c994bbcb466f4c4cc8afa08624f79cc07f2593d0e547b24f39d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 702694.crdownload

Filesize
11.8MB

MD5
8225468b722e6be4cc42fd850fa9e0aa

SHA1
0ece38a71bb450e48b11129de1883469d869ab24

SHA256
e846258302d7698682ceccf8b61a744f649bb1ec8d50651d762fac576b799a7a

SHA512
cdb70eadd6c69b57f05886c0b79e70853cfbcb5a5020105492185eb4cd350cad76b5224da77aac30a6dc17ffa561117ef5559d0b8ee1b97bef1b4a11f842743e

Download Submit