Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    11-09-2022 06:13

General

  • Target

    http://www.hollandamerica.com

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\3064_1840167297\us_tv_and_film.txt

Ransom Note
you i to that it me what this know i'm no have my don't just not do be your we it's so but all well oh about right you're get here out going like yeah if can up want think that's now go him how got did why see come good really look will okay back can't mean tell i'll hey he's could didn't yes something because say take way little make need gonna never we're too she's i've sure our sorry what's let thing maybe down man very there's should anything said much any even off please doing thank give thought help talk god still wait find nothing again things let's doesn't call told great better ever night away believe feel everything you've fine last keep does put around stop they're i'd guy isn't always listen wanted guys huh those big lot happened thanks won't trying kind wrong talking guess care bad mom remember getting we'll together dad leave understand wouldn't actually hear baby nice father else stay done wasn't course might mind every enough try hell came someone you'll whole yourself idea ask must coming looking woman room knew tonight real son hope went hmm happy pretty saw girl sir friend already saying next job problem minute thinking haven't heard honey matter myself couldn't exactly having probably happen we've hurt boy dead gotta alone excuse start kill hard you'd today car ready without wants hold wanna yet seen deal once gone morning supposed friends head stuff worry live truth face forget true cause soon knows telling wife who's chance run move anyone person bye somebody heart miss making meet anyway phone reason damn lost looks bring case turn wish tomorrow kids trust check change anymore least aren't working makes taking means brother hate ago says beautiful gave fact crazy sit afraid important rest fun kid word watch glad everyone sister minutes everybody bit couple whoa either mrs feeling daughter wow gets asked break promise door close hand easy question tried far walk needs mine killed hospital anybody alright wedding shut able die perfect stand comes hit waiting dinner funny husband almost pay answer cool eyes news child shouldn't yours moment sleep read where's sounds sonny pick sometimes bed date plan hours lose hands serious shit behind inside ahead week wonderful fight past cut quite he'll sick it'll eat nobody goes save seems finally lives worried upset carly met brought seem sort safe weren't leaving front shot loved asking running clear figure hot felt parents drink absolutely how's daddy sweet alive sense meant happens bet blood ain't kidding lie meeting dear seeing sound fault ten buy hour speak lady jen thinks christmas outside hang possible worse mistake ooh handle spend totally giving here's marriage realize unless sex send needed scared picture talked ass hundred changed completely explain certainly sign boys relationship loves hair lying choice anywhere future weird luck she'll turned touch kiss crane questions obviously wonder pain calling somewhere throw straight cold fast words food none drive feelings they'll marry drop cannot dream protect twenty surprise sweetheart poor looked mad except gun y'know dance takes appreciate especially situation besides pull hasn't worth sheridan amazing expect swear piece busy happening movie we'd catch perhaps step fall watching kept darling dog honor moving till admit problems murder he'd evil definitely feels honest eye broke missed longer dollars tired evening starting entire trip niles suppose calm imagine fair caught blame sitting favor apartment terrible clean learn frasier relax accident wake prove smart message missing forgot interested table nbsp mouth pregnant ring careful shall dude ride figured wear shoot stick follow angry write stopped ran standing forgive jail wearing ladies kinda lunch cristian greenlee gotten hoping phoebe thousand ridge paper tough tape count boyfriend proud agree birthday they've share offer hurry feet wondering decision ones finish voice herself would've mess deserve evidence cute dress interesting hotel enjoy quiet concerned staying beat sweetie mention clothes fell neither mmm fix respect prison attention holding calls surprised bar keeping gift hadn't putting dark owe ice helping normal aunt lawyer apart plans jax girlfriend floor whether everything's box judge upstairs sake mommy possibly worst acting accept blow strange saved conversation plane mama yesterday lied quick lately stuck difference store she'd bought doubt listening walking cops deep dangerous buffy sleeping chloe rafe join card crime gentlemen willing window walked guilty likes fighting difficult soul joke favorite uncle promised bother seriously cell knowing broken advice somehow paid losing push helped killing boss liked innocent rules learned thirty risk letting speaking ridiculous afternoon apologize nervous charge patient boat how'd hide detective planning huge breakfast horrible awful pleasure driving hanging picked sell quit apparently dying notice congratulations visit could've c'mon letter decide forward fool showed smell seemed spell memory pictures slow seconds hungry hearing kitchen ma'am should've realized kick grab discuss fifty reading idiot suddenly agent destroy bucks shoes peace arms demon livvie consider papers incredible witch drunk attorney tells knock ways gives nose skye turns keeps jealous drug sooner cares plenty extra outta weekend matters gosh opportunity impossible waste pretend jump eating proof slept arrest breathe perfectly warm pulled twice easier goin dating suit romantic drugs comfortable finds checked divorce begin ourselves closer ruin smile laugh treat fear what'd otherwise excited mail hiding stole pacey noticed fired excellent bringing bottom note sudden bathroom honestly sing foot remind charges witness finding tree dare hardly that'll steal silly contact teach shop plus colonel fresh trial invited roll reach dirty choose emergency dropped butt credit obvious locked loving nuts agreed prue goodbye condition guard fuckin grow cake mood crap crying belong partner trick pressure dressed taste neck nurse raise lots carry whoever drinking they'd breaking file lock wine spot paying assume asleep turning viki bedroom shower nikolas camera fill reasons forty bigger nope breath doctors pants freak movies folks cream wild truly desk convince client threw hurts spending answers shirt chair rough doin sees ought empty wind aware dealing pack tight hurting guest arrested salem confused surgery expecting deacon unfortunately goddamn bottle beyond whenever pool opinion starts jerk secrets falling necessary barely dancing tests copy cousin ahem twelve tess skin fifteen speech orders complicated nowhere escape biggest restaurant grateful usual burn address someplace screw everywhere regret goodness mistakes details responsibility suspect corner hero dumb terrific whoo hole memories o'clock teeth ruined bite stenbeck liar showing cards desperate search pathetic spoke scare marah afford settle stayed checking hired heads concern blew alcazar champagne connection tickets happiness saving kissing hated personally suggest prepared onto downstairs ticket it'd loose holy duty convinced throwing kissed legs loud saturday babies where'd warning miracle carrying blind ugly shopping hates sight bride coat clearly celebrate brilliant wanting forrester lips custody screwed buying toast thoughts reality lexie attitude advantage grandfather sami grandma someday roof marrying powerful grown grandmother fake must've ideas exciting familiar bomb bout harmony schedule capable practically correct clue forgotten appointment deserves threat bloody lonely shame jacket hook scary investigation invite shooting lesson criminal victim funeral considering burning strength harder sisters pushed shock pushing heat chocolate miserable corinthos nightmare brings zander crash chances sending recognize healthy boring feed engaged headed treated knife drag badly hire paint pardon behavior closet warn gorgeous milk survive ends dump rent remembered thanksgiving rain revenge prefer spare pray disappeared aside statement sometime meat fantastic breathing laughing stood affair ours depends protecting jury brave fingers murdered explanation picking blah stronger handsome unbelievable anytime shake oakdale wherever pulling facts waited lousy circumstances disappointed weak trusted license nothin trash understanding slip sounded awake friendship stomach weapon threatened mystery vegas understood basically switch frankly cheap lifetime deny clock garbage why'd tear ears indeed changing singing tiny decent avoid messed filled touched disappear exact pills kicked harm fortune pretending insurance fancy drove cared belongs nights lorelai lift timing guarantee chest woke burned watched heading selfish drinks doll committed elevator freeze noise wasting ceremony uncomfortable staring files bike stress permission thrown possibility borrow fabulous doors screaming bone xander what're meal apology anger honeymoon bail parking fixed wash stolen sensitive stealing photo chose lets comfort worrying pocket mateo bleeding shoulder ignore talent tied garage dies demons dumped witches rude crack bothering radar soft meantime gimme kinds fate concentrate throat prom messages intend ashamed somethin manage guilt interrupt guts tongue shoe basement sentence purse glasses cabin universe repeat mirror wound travers tall engagement therapy emotional jeez decisions soup thrilled stake chef moves extremely moments expensive counting shots kidnapped cleaning shift plate impressed smells trapped aidan knocked charming attractive argue puts whip embarrassed package hitting bust stairs alarm pure nail nerve incredibly walks dirt stamp terribly friendly damned jobs suffering disgusting stopping deliver riding helps disaster bars crossed trap talks eggs chick threatening spoken introduce confession embarrassing bags impression gate reputation presents chat suffer argument talkin crowd homework coincidence cancel pride solve hopefully pounds pine mate illegal generous outfit maid bath punch freaked begging recall enjoying prepare wheel defend signs painful yourselves maris that'd suspicious cooking button warned sixty pity yelling awhile confidence offering pleased panic hers gettin refuse grandpa testify choices cruel mental gentleman coma cutting proteus guests expert benefit faces jumped toilet sneak halloween privacy smoking reminds twins swing solid options commitment crush ambulance wallet gang eleven option laundry assure stays skip fail discussion clinic betrayed sticking bored mansion soda sheriff suite handled busted load happier studying romance procedure commit assignment suicide minds swim yell llanview chasing proper believes humor hopes lawyers giant latest escaped parent tricks insist dropping cheer medication flesh routine sandwich handed false beating warrant awfully odds treating thin suggesting fever sweat silent clever sweater mall sharing assuming judgment goodnight divorced surely steps confess math listened comin answered vulnerable bless dreaming chip zero pissed nate kills tears knees chill brains unusual packed dreamed cure lookin grave cheating breaks locker gifts awkward thursday joking reasonable dozen curse quartermaine millions dessert rolling detail alien delicious closing vampires wore tail secure salad murderer spit offense dust conscience bread answering lame invitation grief smiling pregnancy prisoner delivery guards virus shrink freezing wreck massimo wire technically blown anxious cave holidays cleared wishes caring candles bound charm pulse jumping jokes boom occasion silence nonsense frightened slipped dimera blowing relationships kidnapping spin tool roxy packing blaming wrap obsessed fruit torture personality there'll fairy necessarily seventy print motel underwear grams exhausted believing freaking carefully trace touching messing recovery intention consequences belt sacrifice courage enjoyed attracted remove testimony intense heal defending unfair relieved loyal slowly buzz alcohol surprises psychiatrist plain attic who'd uniform terrified cleaned zach threaten fella enemies satisfied imagination hooked headache forgetting counselor andie acted badge naturally frozen sakes appropriate trunk dunno costume sixteen impressive kicking junk grabbed understands describe clients owns affect witnesses starving instincts happily discussing deserved strangers surveillance admire questioning dragged barn deeply wrapped wasted tense hoped fellas roommate mortal fascinating stops arrangements agenda literally propose honesty underneath sauce promises lecture eighty torn shocked backup differently ninety deck biological pheebs ease creep waitress telephone ripped raising scratch rings prints thee arguing ephram asks oops diner annoying taggert sergeant blast towel clown habit creature bermuda snap react paranoid handling eaten therapist comment sink reporter nurses beats priority interrupting warehouse loyalty inspector pleasant excuses threats guessing tend praying motive unconscious mysterious unhappy tone switched rappaport sookie neighbor loaded swore piss balance toss misery thief squeeze lobby goa'uld geez exercise forth booked sandburg poker eighteen d'you bury everyday digging creepy wondered liver hmmm magical fits discussed moral helpful searching flew depressed aisle cris amen vows neighbors darn cents arrange annulment useless adventure resist fourteen celebrating inch debt violent sand teal'c celebration reminded phones paperwork emotions stubborn pound tension stroke steady overnight chips beef suits boxes cassadine collect tragedy spoil realm wipe surgeon stretch stepped nephew neat limo confident perspective climb punishment finest springfield hint furniture blanket twist proceed fries worries niece gloves soap signature disappoint crawl convicted flip counsel doubts crimes accusing shaking remembering hallway halfway bothered madam gather cameras blackmail symptoms rope ordinary imagined cigarette supportive explosion trauma ouch furious cheat avoiding whew thick oooh boarding approve urgent shhh misunderstanding drawer phony interfere catching bargain tragic respond punish penthouse thou rach ohhh insult bugs beside begged absolute strictly socks senses sneaking reward polite checks tale physically instructions fooled blows tabby bitter adorable y'all tested suggestion jewelry alike jacks distracted shelter lessons constable circus audition tune shoulders mask helpless feeding explains sucked robbery objection behave valuable shadows courtroom confusing talented smarter mistaken customer bizarre scaring motherfucker alert vecchio reverend foolish compliment bastards worker wheelchair protective gentle reverse picnic knee cage wives wednesday voices toes stink scares pour cheated slide ruining filling exit cottage upside proves parked diary complaining confessed pipe merely massage chop spill prayer betray waiter scam rats fraud brush tables sympathy pill filthy seventeen employee bracelet pays fairly deeper arrive tracking spite shed recommend oughta nanny menu diet corn roses patch dime devastated subtle bullets beans pile confirm strings parade borrowed toys straighten steak premonition planted honored exam convenient traveling laying insisted dish aitoro kindly grandson donor temper teenager proven mothers denial backwards tent swell noon happiest drives thinkin spirits potion holes fence whatsoever rehearsal overheard lemme hostage bench tryin taxi shove moron impress needle intelligent instant disagree stinks rianna recover groom gesture constantly bartender suspects sealed legally hears dresses sheet psychic teenage knocking judging accidentally waking rumor manners homeless hollow desperately tapes referring item genoa gear majesty cried tons spells instinct quote motorcycle convincing fashioned aids accomplished grip bump upsetting needing invisible forgiveness feds compare bothers tooth inviting earn compromise cocktail tramp jabot intimate dignity dealt souls informed gods dressing cigarettes alistair leak fond corky seduce liquor fingerprints enchantment butters stuffed stavros emotionally transplant tips oxygen nicely lunatic drill complain announcement unfortunate slap prayers plug opens oath o'neill mutual yacht remembers fried extraordinary bait warton sworn stare safely reunion burst might've dive aboard expose buddies trusting booze sweep sore scudder properly parole ditch cancele

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.hollandamerica.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3064
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4c7b4f50,0x7ffd4c7b4f60,0x7ffd4c7b4f70
      2⤵
        PID:3592
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1764 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4596
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:2
        2⤵
          PID:4644
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 /prefetch:8
          2⤵
            PID:2312
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
            2⤵
              PID:3404
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
              2⤵
                PID:4580
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8
                2⤵
                  PID:4796
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
                  2⤵
                    PID:4632
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3160 /prefetch:8
                    2⤵
                      PID:4204
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                      2⤵
                        PID:5036
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                        2⤵
                          PID:2956
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                          2⤵
                            PID:3820
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
                            2⤵
                              PID:4912
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
                              2⤵
                                PID:4976
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
                                2⤵
                                  PID:588
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1784
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:8
                                  2⤵
                                    PID:1488
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4608 /prefetch:8
                                    2⤵
                                      PID:1320
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:1148
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6036 /prefetch:8
                                      2⤵
                                        PID:220
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
                                        2⤵
                                          PID:2304
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1748
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4756
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2380
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2776
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5844 /prefetch:8
                                          2⤵
                                            PID:2620
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
                                            2⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:2552
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 /prefetch:8
                                            2⤵
                                              PID:3200
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4852 /prefetch:8
                                              2⤵
                                                PID:4796
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4924 /prefetch:8
                                                2⤵
                                                  PID:4188
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4200 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4880
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1672,4450597656878492602,2199721634944102217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4200 /prefetch:8
                                                  2⤵
                                                    PID:4896
                                                • C:\Windows\system32\AUDIODG.EXE
                                                  C:\Windows\system32\AUDIODG.EXE 0x30c
                                                  1⤵
                                                    PID:4612

                                                  Network

                                                  MITRE ATT&CK Enterprise v6

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads