hxxps://brandequity[.]economictimes[.]indiatimes[.]com/etl[.]php?url=hxxps://brandequity[.]economictimes[.]indiatimes[.]com/india-communication-summit?ag%3Dmailer%26msid%3D1547%26batch_name%3D15953_ICS_21MArch%26master_ref_id%3DODQyMzk4%26ag%3D23Marchmailer&activity_name=microsite_B2B__2103231308_10_2023-03-23&emid=MkFIZVNsOW5iR1VnaGllK1ZVWE5qREdIWUpUR3hRRUUxMjFHMEtlWm5ZTT0=&email=satheeshkannan@danfoss[.]com

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://brandequity.economictimes.indiatimes.com/etl.php?url=https://brandequity.economictimes.indiatimes.com/india-communication-summit?ag%3Dmailer%26msid%3D1547%26batch_name%3D15953_ICS_21MArch%26master_ref_id%3DODQyMzk4%26ag%3D23Marchmailer&activity_name=microsite_B2B__2103231308_10_2023-03-23&emid=MkFIZVNsOW5iR1VnaGllK1ZVWE5qREdIWUpUR3hRRUUxMjFHMEtlWm5ZTT0=&email=satheeshkannan@danfoss.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133244507933332117"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe
4632 chrome.exe
4632 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe
368 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: 33	4120	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4120	AUDIODG.EXE
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe
Token: SeShutdownPrivilege	368	chrome.exe
Token: SeCreatePagefilePrivilege	368	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe
368	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 368 wrote to memory of 456	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 456	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1496	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 2516	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 2516	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe
PID 368 wrote to memory of 1692	368	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://brandequity.economictimes.indiatimes.com/etl.php?url=https://brandequity.economictimes.indiatimes.com/india-communication-summit?ag%3Dmailer%26msid%3D1547%26batch_name%3D15953_ICS_21MArch%26master_ref_id%3DODQyMzk4%26ag%3D23Marchmailer&activity_name=microsite_B2B__2103231308_10_2023-03-23&emid=MkFIZVNsOW5iR1VnaGllK1ZVWE5qREdIWUpUR3hRRUUxMjFHMEtlWm5ZTT0=&email=satheeshkannan@danfoss.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4adf9758,0x7fff4adf9768,0x7fff4adf9778
2⤵
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:2
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5300 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5552 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5896 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5416 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:1568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4660 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5152 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:8
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6012 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:1
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 --field-trial-handle=1812,i,2471670196726998996,9949462967373559652,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2472

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4120

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
f2659f37a3ed23781b92e6028a40f6d1

SHA1
be28dcb7e0b47ecf93de55868be1c8afeb72e15e

SHA256
e8d1c97903db97e7bcece7d12a3e7d5b584b9bd3cafce67505cdd5bad22b4609

SHA512
dee250bea6ad99d7da006fcc0ae8be8c384620d96f692ebd07676a437e10e482f8bd5cb3d59e5ce0768af4b36f8d1d484c6dda5335ec28652a47d10bb60fdc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
be6e93349813d5b4a51116e1550cf889

SHA1
ccc6ec5dfeb7796a6afe0cd2ceb4884ecfa4b0eb

SHA256
cf7fe47d013ffcb1c940d530d2d68c66fc50be2c6fb839b0060b30cac80631c3

SHA512
fd66cb8e1f69f852ef0781bb06a2514014fa13aef77b248751e16c79cbddab01f83673def77096712f09d2370bca66d8ed545a53ef023a801ea24fc77eadba91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
86dc12670a1f6d03694dbb6b6358d4dc

SHA1
6ed4bada791d93b28606a19f0dc570981202c015

SHA256
2a4d220bd7299df3d207e7721ba0eaf23097762f72672d61867b7b0b389a56d7

SHA512
fe45056109696b519400dfc8b052a94ae6897588667b7dac12ca2532d6bff1a68d0baeeb4510f239c9fc92a2bd29892b71f315069054795c60b10522ac82db17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
e25cb175d9c4280af633301fb991c164

SHA1
e4c2d158c3f7d02b25271127cb44050324ca25d0

SHA256
4d908825ca726107f8b25ae04ba86927b07a9e8987f9628881468094c6dd5f98

SHA512
40a2316109cb64472f3a6d7db28bd1bdc4a96ba2823e482d8402fdfb7daf24a072d6b87fc2a1bda23bc22ebae2c72305a1e5fce8efeea8937d4c88efc6c663ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
7a5be8a45bb0310d8578ceb92b52164e

SHA1
751fa5715dcc23e7b451ec2e54ae9d542a303dbf

SHA256
f6bc1f164eab964f327a761250a1fe90afb8823e287d0ea3dbbe6a00c7dec246

SHA512
3ae2cb2a5dfaed91cc00fb238c6659606d38c4b2b83391c5b910e5c99b923c699346f81915e1129b9ea9414d1e3e5a9ed373d316b95d710f82b1cd6329e3d163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
1b93508f4d6e6a25f4bcb818078d977a

SHA1
8573450f069a0b3b85089682e62fc4bba157bf82

SHA256
7bfde56a8da8e60e3450dbf8b0a1ff4c511a532ef1864f7192d9a1eae60fbf49

SHA512
bb6308a8e804c4d4cb6d395ea7f45f5bb7de3e310c2356f53e9b85b992d196fb9bfa634c15059bb0a1573287b06434c1a03e48a8d73a604d10d523674579d321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
0f3b103e7d561154ecc71ab74517c0dd

SHA1
8fad531e653721d76ff570b9926b76907fcd4004

SHA256
936d9e6fe58b4d218e182c9139001a28994c224a36b97f2c37710aba4dd84bfc

SHA512
0ef29c0ced3f8dd903f698b8c55a741a5fdfabbf06313a6fa539574e506f854916ed2a004420bee07b78a230bdb53d90e07ad40787d81eb4a87fa0858ca8e1ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
61c605d24d074c6f9d7c1a7ee9939ca6

SHA1
6d7c2767dfdb73a3046348860bf52064a863963e

SHA256
6acb0cdab5e5878803bdcb43e972ea5c589fdf0c8054991ec911877be70b7c6d

SHA512
795ab6894f75efb68fb4e025e8295bd4b2f6d658a89066c1b353a6f58dca7dd6cfdde14b8406220651c3b8552f5e678ee9b459ed07f63542fa108bd175694cde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
d5d105f895468d2b029d0b41562429d4

SHA1
a511b208e7499cced8799ae4ac28656400fdc62d

SHA256
858d7d1f744b8288348982d3189febe2440b718be075cbc6d48f8c166400ce7c

SHA512
406338421a6e6883c701b953a03e7d3614b1d7bc0fbd4a91f752743b99a6c995e4db4dd3868612b1eb205fd35c3327b03bbddd6e37f567fecdd0739ec25314bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
60788d0fa422d1ad7a1752ea53709feb

SHA1
f054d54f541e9267ea9f25e21efd79b51d204bf9

SHA256
d8190f3cba1e0cd68563fb900397b45141f8c77d9b6e952f064a45ab68b5ebba

SHA512
0864a6bd90961ceb4162d0e1a1edd989366592ff25854f668f4f77302ac34f8a81b1ba47f68f3ab25a70df99bc457926b3cb71e247554bc27622040bdb9e395a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
9b50dc3c7dbf16310b323612ec522a9a

SHA1
148ed674b2e8d0f0ce6979ab33de7aeaa06d4018

SHA256
7cb50d326929d831034a9e64b5d95bfd613e2a796930236c8220ae7c90855c2e

SHA512
34362c94e26193d4c34af1ae8fa5f1083f283c5263bcdd240c1c765fabe84b0308361f01c80ccf14b27ebe7b4803812602cb9ae69fd184f7e6d23f966f8eb9aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
b7fe60ef9f63ff1ad0d6f9e92f944380

SHA1
80eaa9921f297aebd0242c406cfdd9672a1fdb66

SHA256
740c2573bd6f21c5fa1ec3b375d4f88ecd50c8fa33dbcd21bd26813838388a73

SHA512
05aadf293f323a566ca26ba2f8867792964090ed8ac114a64bdd7f71419d87b2e7bfe2bede955933f807233152b35fd8508fc8e11b3941ba019352b9a2ec4895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
2762a556da869fe1a61c5b257b8a647b

SHA1
2cca87a7da8e0e2f64f0b684e5031d7f1de97789

SHA256
006fdb2912d4f8fd9ec41dc66b9581f46ba91f4c8c4dd79ec4fc801732e9c755

SHA512
e49a88635601043bd14049c0ab4906b9303887475bae04ef5ecfb17048fa18e8f4710f45325cb932134cff4e3ecb28d66c4d5194d2231972022ea9cd7531babc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
43262d30ee0daf01b6a08284f34e696a

SHA1
18ab35598046c3c2621840e86967e107394267ac

SHA256
cc0236f666ea617741d9d87e2833e6eedd75c672ca838ae818eb7dbcb0424208

SHA512
e42f9c656d0ffc6d9f281b9f665d35f7ad1b1e7deb61c1c99a1d322095a2cd9794f41d4f49e60759579fcd2ff084a6295b8bba563fdef04f3d621e12fe39cf4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f9bddf93342ae4d1d7aa6ed4395d5c80

SHA1
6f8299ff72fa16800e2ae0deeedc5596406d40e4

SHA256
2cfed3e30cfed0f0fc8d0244843704a288b3ddd956f8bd522af697889f41d4a3

SHA512
5b8eddd719933f3697ec83e159fa62d1ffc762b1fd92149259c7956d30fe8fa265bb2d3b6e506043fcda73d2e0333f9e3f9747f72c1535e8ed172f15ab0a03f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
6614ee2f295292973fd295bb4447b317

SHA1
c12f42c257a5c27b7cb8b15391c5e0e9d10019fe

SHA256
34a997c0784941003c636e1cbf2d808c0d1d0b7bd2addf856a8b58e10f9af55b

SHA512
380820937477299b05819c1447ae72b004e01806d2b1fabc284f6c3ff185618597a61c79536986a337ba0da3a35e27ef6db4a58d77b90edfd28a1eb668b93e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
147KB

MD5
79fd7ca69514fd7a3c46ff87e5874cc0

SHA1
ae4983008837daa1406c9248cd6a54b4824880e9

SHA256
ffbae97ddb3ec376cb4f39de261694186e2490fb645860a066a484e70665e51c

SHA512
a25dd8554fa3f84edd173d3c8d2f7ef33dfee6f4156ff1eb1c1fd8e454a97e40f8d1dca0d2c17ef22b6d4f941a5cd2ddd45b43aeb6a1202e193b232ed69c2784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
b9a2c46b67ebed250a92652bbe3cfa97

SHA1
d762a0b06e85c9a7f337619214ffc98acd12356c

SHA256
793a7e9bc25d8ec2b1910edc1f826f8c9400bc757805871743648bf0c67e82c3

SHA512
b00aac751b0dc05807cf8710514e9889add97da9a74e6835eda38da1f52fe57cf77b9f21f35197b2a484fedaeae1c9f79ec2ba16e8db583ac90b3e021c8820c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
8280a14cc6b1a211d2bb3a687a33b32c

SHA1
1e4dd88b421adc3610f9f3699e0389e16f985b9d

SHA256
5f103a25dc0ffd911a433cabf4940285c81e0351f203b56abb200945883b2e33

SHA512
9e2be82a3e67026a2500aa0dd57ef48c732c19a015c1e4ae0f8c6af6c39a0666f0f25bbccf8c27cd54299a1af1067d89371073807030d66f64cf92ed00ea8f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
146KB

MD5
c1c826e10e2adb0fe82a7c77e7583e84

SHA1
32096ecb14196f92e92a8c97dec6faa8e4d7307d

SHA256
cd50dc13986c5334c2a4e3c3797f26218f1b638c3b7160c8cec452df42e99a16

SHA512
fc1bffa1d2c48e0959b0911043e775bf89304ada7bd314fa22daf076a3457476597ee0035a6e32c11b37508cfbf867714c111b9a1b249ef18ac8049c84fb60c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
5c3aba314a8d492088600c1e2110b2c1

SHA1
e8d91196dc44dc6ee70bc0c77c16fb1909bf776d

SHA256
7f8bb0d596c26b2e257f444533498e4c4a043e3eeb7fd794d1136650455027dd

SHA512
73aee4f5e7e97f3285e6d1413e987a71cfd7a152ae58a17116056e96c578df1f83c1e25ca326b040e17d31eeaee35323b874063877a575c364d2c4589454ac76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_368_XVZOUZHJXSROZSRF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit