hxxps://www[.]mesquiteprinthouse[.]com/how-come-companies-make-use-of-a-vdr/feed/

Analysis

max time kernel
210s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2023 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mesquiteprinthouse.com/how-come-companies-make-use-of-a-vdr/feed/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332307433479884"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4136	chrome.exe
4136	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 1360	4044	chrome.exe	56
PID 4044 wrote to memory of 1360	4044	chrome.exe	56
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 3448	4044	chrome.exe	88
PID 4044 wrote to memory of 4880	4044	chrome.exe	86
PID 4044 wrote to memory of 4880	4044	chrome.exe	86
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87
PID 4044 wrote to memory of 4576	4044	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mesquiteprinthouse.com/how-come-companies-make-use-of-a-vdr/feed/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffa906c9758,0x7ffa906c9768,0x7ffa906c9778
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1620 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2196 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2280 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5292 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5504 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5248 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5648 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6172 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6316 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6048 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5528 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5792 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6056 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6600 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3212 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6736 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6436 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6604 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=996 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6380 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3172 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,11406392211729736657,9993594133375741676,131072 /prefetch:8
  2⤵
  PID:796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x50c
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
142KB

MD5
37f846dbee05d76bc1ef411cf54cc66d

SHA1
624e1379325f1fc04ed494201fd7521665179730

SHA256
d11f0440ee6db5c0e19668a43325c587a7fb849897f28a16da3ef8283fffcbda

SHA512
f0ceeefc761bb600aabffb875c7739c45b7225661a50bad4db0a38bdc4499e2b32c328b31d5ce530bb2dbefad57e575502d13f427bb278e3e37e289cb646dc89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1e037350049792883a19616f7ae46260

SHA1
ea8f2edb95ea1b08db3089bb04f71b0abc9e0186

SHA256
22bb740b336d53e54c9a31782d51fc7acf7aa3d0db52077d046cc0052e26e47b

SHA512
3a9def86596e31a7e7113a4bfb336af3dbc8011499b6f9cde43a54a03c66d30c0e461e6f7048fe26bd83a1c0ff3b53cdd25d4dd12c61417a468a76e2aeaa4283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
9a5cc2a486726e384d2e7465e54469d8

SHA1
04786f044f9858e191a6270b1e961067fe3cf323

SHA256
5b58fcb161162110eedf8f2a3771387b6b5c777f6fbd893c4d8f2cc46dc21e68

SHA512
b4103d37c108ac2ddd011d695b8be48565b72a5b2de1521360e8e20d430ab32352e6b4b0d24f73d8d4ceb300efddecc46393d933f88a61a9a6eb176a802e0a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a89378ef8ef212520d7e26a4ae2c219a

SHA1
cc27da0a1dc6c3a075b09e805e7bd6b41b407b22

SHA256
ffffe75456ff3706becd8458d7620d4bd5d3c42d6eeda5d4057a3e4b3b14663a

SHA512
11e332ee95c89d72b8991cad90bf193e638238cf9b125748e386b635bbebd4fff11fce736c143b18e84392251fa62d188205898d0769529293a49fd68b7d2ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ffb0f299dc2bf71d49c244b6c5219c27

SHA1
764b829b2d85bcf952f20fc2547a87505ec43a89

SHA256
a4b75bec8decccd0631c1c49e4a80e38dc884573830cd953f0e9e087c5fe7151

SHA512
ba0afe91089a75fc5b514048305575db5d05ef310ad37b22d513bd7c63ff5acc9f6fde4545f2306c8f044f85e3aec371fb56dd42d6bca75d82e4ac9216cfa659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
199ec5ad425c0e2c20ad3ac218c11550

SHA1
4101898dd71f5287e130a61edcf1e36b3a2de3c6

SHA256
c73ace4455f00c3bf09cd0e1e05a43dd7ca85e73d8abbcc326e70328490a09bb

SHA512
23a4e05e92b54b0355117a8ba65d38a6d4f8bebc89ed186de4255f5e5a34873569f1ac0bfda7095cede44615f7f371ec4b994992f6c055ed1b87cc6e0b237bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
d1ed66098cca059c83c66dc8a428d3b9

SHA1
399638bd0ccb616c4d72cc53d79bd3eaecf56957

SHA256
f2b78a2761ba0e8b9fa4ce608b4859a1510447055667dad136aae2e9fdae28fe

SHA512
db042070caca70d1a0cc738ff021fa2cbc6d0cec61c5ab94860a0d01ec33a814a5feb7aa0c39d1a8b8dc32e598be8a0b3abccb9993088fb25a8fa81c73469af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
84d212fd71ad2f21d0898cabf8cb785e

SHA1
28da12380acc506c5739abc9c75dba25aaa47c41

SHA256
a0f84911d0f01b865c090e178a0ae01f364bd9f575f76a7d2a20929d67a00443

SHA512
44309f7fa3a7608b3940c85a71fe3816d4be0957ea19f0a8fbfdfee9f9f2ece048f7a09e1ff75bef599b2b785af0655d933e26feef5f703c889142e6c9fc6fbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
324ff00229e9ed81ddd22f68cffed62c

SHA1
e928a66ce3814afa5084c44a4d210d54a222c184

SHA256
7c76220fd3df166cc992df9dd02dc6a7727075f32a75c5c6d43891372648d545

SHA512
b240df3360abc4ae0e82a5a147c16be5f5223a9c8eeb92b62de17c8c5b0d9e0b3b9bda51ed7c429935f8ca6aea244c1fd758517af01f51c20a00bc4b38be571a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f3ec83263fc9bc7b34f6bde2250a9d44

SHA1
7a0ee3494783b2f9866c814d86605fb79a72de02

SHA256
b4014fae236b68f8072059515467e87d3afc246c2259a0e0f713ed2b7a1ba8f1

SHA512
c7be113afddc741379efc1694fe00f502a6d1a53d64232a2db5564726a1ca58313244e5f2b349d5c6f2b430cf5b13addd1813d3d57636c9ce1a3dd53fcec094d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc5cd42f837fff4fe2a23bd1c3d226ad

SHA1
a295403c0767e20ce0267d4b6c983f7155ee92f7

SHA256
16a33acd8897280fdeb145b6e670023b12a37c019235cf827c7315ff8a50b08a

SHA512
f97b4b18f2802e3bb378e39660eec5f078cdf417d99d21d99ee642222ed7477c32b98bae1585421a40d47c070a7fd30da2a991958ada2961431d9d770db14d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db878b1e7ad147b112d72074acede97c

SHA1
3f38056aea9da078a00681877db320bf85ba0ba5

SHA256
7757f18217c3bc7dea9fdb215238b7b693fcb3082d455e6545d24ad665379fc1

SHA512
4722e5e5f959aba02f932eabfd57c322391bb8bd877f9ebe7d9f390c1a641949bfa13e8bbd3dc83452e389fcafd6d30ddd6cbed6ac6acc24c826069f7ce6ccba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
2b89a96d27ec1fff3102e11cb6d3373a

SHA1
ffc585e4c755158e32ac3e1f800c8adb23959dcd

SHA256
c2a73f486569e48fcd0ac0260ff4981a010a7c0e2cd8f1106b99881ca4b1793f

SHA512
7f20b655dea5241c466071058d09c86f65c68a24b88ab2faba06eebf620450b89f0f9ca28824c647e9aa53101dfef4c1dde3a622caa6ab92927f66558879fe38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
a58fd008a9e959b4c7ed734d5bf4ab07

SHA1
ee34231cb8a414135c277f74d9681b068563fe50

SHA256
e166efb39921727d27ee83e48b879cfb291080e7590946676e02c6eeb6d1d6c4

SHA512
f2eb062d0686e74e57bb0326aed2d5bb5bd93852e25cdc20185274c162052ab82145dc6562a850dfb126318a104c9daa4301b16630fa637fb90a23b33fe9ea22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
dad4d6e30695d216335fb49b5f511b2b

SHA1
3da9bc2135d481404af8680808ac548e79e9cb6c

SHA256
cd7faed47cf4b980c20ac2ed059d06724911e6b584fd155199e306f2a5ad0d92

SHA512
214d1dd4ea06fd14070b1a505f00ef1f1012255ee0e34e1ba3fa361ba894c0a6b957b13eaa0927e08aa00ac3e8c14c833eb73c2c61a5ab95fa1be0d61036f89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
87d026469eea5b40e8d92a361510f866

SHA1
067e07d86551b87602be3a8bc897651a9f8b607f

SHA256
02e128e891caac35fa02bda23ebe05a742c952ade966da40769696734504aa70

SHA512
723d539bb2fbfc6b21d6c0707f366145aba440e69452b53b9e547f77c66f67a35504ad1156bd4d8191d66247f30b62d884cc60d9efa4f0106699b09def761ab4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
3d64969a01dd8c97e73c132c9a496498

SHA1
00887e089149b74a21c2cea0f8946e62a4fb475f

SHA256
408922603e53f5ca5f79d0d56c57eb08cb11a02a3f06c9329a9a671c02774597

SHA512
5389ace845ef63fb7a30d83d38e11a56d231a44aaa2e9dcd28a7c7be470593c54b11380e8b7488d83c7561838f8b02bba7874cb1f787d139941304c3ad9a6a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
fff011c8502b0cf6dbd07ee2a40f46e6

SHA1
986a029e0e715f8ce55e0a11152ba52000816cc5

SHA256
9079a7be6b6bebfc3789bd61c834b7b37ddb4d28a751bd58d606a4c65504ca2c

SHA512
0277c016395945d4c8217b1c315aa4e3c4ad3f9e7776ee3651650bfde43cac3e503bdb3854ebc83b2c2bb4498f58e323a600ec13c100ffabad745927e27ad7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
c46c05db9c0365ea8f1ad7347a0eb330

SHA1
1b2533e121b3569a7d9de15414305b19a2f49502

SHA256
418e36b39c29f9b4cfa664adbb9fd9e8095472265e6657703841242615b18693

SHA512
69f07f32aa9ce8a7e9da810f46592559d0c144c53aea99c283d848107721935194cee59a7396d8676c2f2ad25367e2b0b1838e0b955800103bcedd6c4a4c89be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
7dede87d3c4e1a79758d4d6b415b9170

SHA1
d905779c3b3f9e7495c99e87483df9b0fa8734dd

SHA256
6c1974848b142f4c92837229f7ee9b38e44823d37cfde06e17383834e1072526

SHA512
0cc5fb19fc9c7771763e8fcb9a3942e8b531b4d104fd19840e8ddf0a4f17cc5e6a56b0b7d713171cc9e290611da55d501ad0f86bf85b1fb4a4569407cdb648d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589c3b.TMP

Filesize
98KB

MD5
310b22786f90707f13d37a7e03e5ad3a

SHA1
34f6af7faa612332524924f96fcb74481eaf6e38

SHA256
98641829f070877d1c153d0d590971039a308d3f7d000c3f3e3eb4aad277c5c3

SHA512
ac8133b0a9f076e2a635386dcc34ab9ac2a3faa6bb5e606309973766c7b84e981c53ef8a4b134af75a820a76caa929264077c7eb3e68fa36a6ac3da8883cc2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit