Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-1703_x64
resource: win10-20220901-en
resource tags: arch:x64, arch:x86, image:win10-20220901-en, locale:en-us, os:windows10-1703-x64, system
submitted: 11-09-2022 06:13

Tasks

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://www.hollandamerica.com
  Resource: win10-20220901-en
  Platform: windows10-1703-x64
  6 signatures, 150 seconds

General

Target: http://www.hollandamerica.com
Score: 10/10
Malware Config

Extracted
  Path: C:\Users\Admin\AppData\Local\Temp\3064_1840167297\us_tv_and_film.txt
  Ransom Note:
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe

Suspicious behavior: EnumeratesProcesses (24 IoCs)
  pid   Process
  4596  chrome.exe
  4596  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  1784  chrome.exe
  1784  chrome.exe
  1148  chrome.exe
  1148  chrome.exe
  1748  chrome.exe
  1748  chrome.exe
  4756  chrome.exe
  4756  chrome.exe
  2380  chrome.exe
  2380  chrome.exe
  2776  chrome.exe
  2776  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  2552  chrome.exe
  2552  chrome.exe
  4880  chrome.exe
  4880  chrome.exe
  4880  chrome.exe
  4880  chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  pid   Process
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe

Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
  3064  chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3064 wrote to memory of 3592  3064  chrome.exe  66
  PID 3064 wrote to memory of 3592  3064  chrome.exe  66
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4644  3064  chrome.exe  69
  PID 3064 wrote to memory of 4596  3064  chrome.exe  68
  PID 3064 wrote to memory of 4596  3064  chrome.exe  68
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
  PID 3064 wrote to memory of 2312  3064  chrome.exe  70
Processes

chrome.exe (PID 3064), depth 1
  "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.hollandamerica.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  chrome.exe (PID 3592), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4c7b4f50,0x7ffd4c7b4f60,0x7ffd4c7b4f70

  chrome.exe (PID 4596), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1764 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 4644), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:2

  chrome.exe (PID 2312), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 /prefetch:8

  chrome.exe (PID 3404), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1

  chrome.exe (PID 4580), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1

  chrome.exe (PID 4796), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8

  chrome.exe (PID 4632), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1

  chrome.exe (PID 4204), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 /prefetch:8

  chrome.exe (PID 5036), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

  chrome.exe (PID 2956), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

  chrome.exe (PID 3820), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

  chrome.exe (PID 4912), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1

  chrome.exe (PID 4976), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1

  chrome.exe (PID 588), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8

  chrome.exe (PID 1784), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 1488), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:8

  chrome.exe (PID 1320), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:8

  chrome.exe (PID 1148), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 220), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8

  chrome.exe (PID 2304), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

  chrome.exe (PID 1748), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 4756), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 2380), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 2776), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 2620), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5844 /prefetch:8

  chrome.exe (PID 2552), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 3200), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8

  chrome.exe (PID 4796), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:8

  chrome.exe (PID 4188), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4924 /prefetch:8

  chrome.exe (PID 4880), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4200 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  chrome.exe (PID 4896), depth 2
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4200 /prefetch:8

AUDIODG.EXE (PID 4612), depth 1
  C:\Windows\system32\AUDIODG.EXE 0x30c