ad646bdcc35175fcd01168847e6624de90a98e7d6de1dfcab0dcdd78d3aa7fb9

Analysis

max time kernel
430s
max time network
439s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/02/2023, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

COPYRIGHT.txt
Size

1KB
MD5

0b054c2d5454715a2574d24f675fac2b
SHA1

05c27514961870d795a43be0805db64d4144180d
SHA256

ad646bdcc35175fcd01168847e6624de90a98e7d6de1dfcab0dcdd78d3aa7fb9
SHA512

def616053116c26d2fa3f0c640dd5145970aa6f3c71a55f589853566c33adb174d87afcd65a72fe2cf716b331622feddc8b0247c39664c6f463332f7132d1f8e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
588	ChromeRecovery.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\ChromeRecoveryCRX.crx	elevation_service.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1456	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
1592	chrome.exe
1052	chrome.exe
1052	chrome.exe
2824	chrome.exe
1052	chrome.exe
1052	chrome.exe
2052	chrome.exe
2748	chrome.exe
1820	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	1512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1512	AUDIODG.EXE
Token: 33	1512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1512	AUDIODG.EXE
Token: 33	2652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2652	AUDIODG.EXE
Token: 33	2652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2652	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 1364	1052	chrome.exe	30
PID 1052 wrote to memory of 1364	1052	chrome.exe	30
PID 1052 wrote to memory of 1364	1052	chrome.exe	30
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1564	1052	chrome.exe	31
PID 1052 wrote to memory of 1592	1052	chrome.exe	32
PID 1052 wrote to memory of 1592	1052	chrome.exe	32
PID 1052 wrote to memory of 1592	1052	chrome.exe	32
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33
PID 1052 wrote to memory of 1796	1052	chrome.exe	33

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\COPYRIGHT.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef59f4f50,0x7fef59f4f60,0x7fef59f4f70
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1156 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1672 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3036 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3296 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4348 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4248 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=852 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3284 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3028 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2572 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=820 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1368 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4304 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4296 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3652 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1128,16014628693467413158,14866191292215631573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 /prefetch:8
  2⤵
  PID:2320

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:2416
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2416_504590735\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={ba7788f7-c9c7-4166-af83-caa3c5c640a4} --system
  2⤵
  - Executes dropped EXE
  PID:588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2652

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\CompleteProtect.M2T

Filesize
219KB

MD5
852a3c6cf43ae1a20f435d312a618f76

SHA1
737acebe145569c50508b8397371d703056fbae3

SHA256
285c5dc4ead3695f5ab76b21c2e5d7ec26291704b22c9568d10b72f89bad660e

SHA512
ed65b4e4a215555ce0f6de6cad6ab114993735e838bc54fc81053e6c29fc78057d13243bb3820e7bbee7d72264e129df30fb1891c98cbf5e3b3d9bfcfb430f12

Download Submit
C:\Users\Admin\Desktop\ConvertFromMount.jpeg

Filesize
376KB

MD5
47ea982fc81bbee177fef68859629774

SHA1
d177d05b6df7e233976971e8c61e91da105b05eb

SHA256
f944ab9949dd7b8ac8d2af7e1a6c25ed7070f6dc5723796358e7e53d93b546e0

SHA512
ed5048f1c861ed1658e5cf30210964940fc4e012c275cc3c1b863c1747d099cd88748c0d2030c498f0642af8d3d7caf6a4ac0f8beaa32ba82233560e5dbca941

Download Submit
C:\Users\Admin\Desktop\DisableBackup.ods

Filesize
391KB

MD5
1e347892f9f84495454291b57075e027

SHA1
1aed515d703a06a236b0c11b60c2199dd9a51d1a

SHA256
f7939d81be83bb5f4d775142d5763d3ee44b3da3e98998ebb10f664e46832d41

SHA512
4cd77374f103aee24bc9f92d7d20dade446934e08a64e19a13c364aa2f56c7eba99ae6f9ee67ab25fe092677241b35767dea4c540bd7b24bb7d151512992ce99

Download Submit
C:\Users\Admin\Desktop\EditWatch.mid

Filesize
517KB

MD5
7daf4ca33946b73f12f9ead53e57eb12

SHA1
b9f55663abac6ad77f14581682461b5252a4697c

SHA256
96008b89016430bb391cb05b6f67d0a2111851cf1f77283fd425867f2ffff219

SHA512
cd57a5f1eabd14ade818436748bbdb5fe755b2ff69e8b65ac41926dc3a45137f185577649118b649ce1b2e1ecdcc2d49f414214cfb940f89caa1225ecff221c6

Download Submit
C:\Users\Admin\Desktop\GrantEdit.jfif

Filesize
266KB

MD5
1a348af97f38c92cfbc23bb8f61fd029

SHA1
9dc8a81e9e8b54132858e98d75e42ad2eec73556

SHA256
c3709f99188b657344ea8466f1638ee37287f7446f88aa8eed25ef2ef02b5cfc

SHA512
d8fdf34d5b80e998a7f741a91287b718d9e6e1b9e78d285110e27100cfce2c96999cbd38275c9d91c4f97dac6b272b1d6cfde2c44dc486d4b58c555461ec9c3d

Download Submit
C:\Users\Admin\Desktop\HideOut.tiff

Filesize
501KB

MD5
8223b1aab57ab8dc0f367a3400a0dc81

SHA1
2b7545ee32d48a4239a75a4948416006ff32b84d

SHA256
64e2f8148ecab6ccd8f53368d6b4ff188592291dc7386c23fe62f5f0e66d8f95

SHA512
830a4ef0fc85494732d1b0a5b83d1c49c5c21864d412a19931622c5aff60b69bd04b23fd42111919be7db21085678d79bf141bdaa992e6d3f3d567d9ccbb5d3f

Download Submit
C:\Users\Admin\Desktop\InvokeSearch.exe

Filesize
313KB

MD5
ec94367886317582984deecd66f9bf96

SHA1
90848783fcc6e09f74052e3da5304c5c0c46213a

SHA256
9f3117f56c54fbd2e08dd18f7fa125217b67b6096deeaaf902f9664b09dcc923

SHA512
06679462e5bf38324efef0dc8608db5db7c31f16270b5f5983c59435eb2fdbfa1e182c306ad82f33f8fc5a5ee69f8dbd79fac302a2a6df55b7bd33bcadf28de3

Download Submit
C:\Users\Admin\Desktop\MeasureGet.mov

Filesize
360KB

MD5
3dc5e79e21dd45ace4637c15e233e2c0

SHA1
3c73ceaf639a30a6e3f5346a24b72b2f839c4078

SHA256
938820f3cb63d44e978540dd2efc0bd8c231bc518f3213b7c651249c768d06b2

SHA512
56b71f029404a513b43afd82fe1a4e1853ad7b30dce54053625389607ed3a8e3efe437d6adbb076557e160b27d95cbda06c225744f8843d17c8e022fa1e28c2d

Download Submit
C:\Users\Admin\Desktop\MergeWrite.easmx

Filesize
344KB

MD5
fd7fed9da77e01eaeab735e1bedb209a

SHA1
c901dda70474834aa02c7a4005a9a40e022a66a1

SHA256
94571f2eec1147f4b5cfed491649122c6263aa08a009bd53c3b3b072ddf56de5

SHA512
137b6b1b85edc6f9fe63c9ff14a473eb480897c491787f80042c3bf5be4444e8ba647c06c58afa4a36aa9644d5e99bd500b4b55dc5982da61be3a5de28310158

Download Submit
C:\Users\Admin\Desktop\OutUndo.mpeg3

Filesize
485KB

MD5
0a2887c31801fa2fd86d04bf4263a6ad

SHA1
b88b584047784ea90e6217e41a631e2b4596ab79

SHA256
540a64f176f23fdb56b7795e9e0c189bdc7adbe519efe59545f999722c7ee0d8

SHA512
862cc436b0b2ceff2e2b3b144896ad5b48db23a25bef4513072bfe4e0ab4d2f48d61ec2af3b7b56bf63fa10887d6a4abc54d18e76fdca7182425c670fae4c93e

Download Submit
C:\Users\Admin\Desktop\PingResume.m1v

Filesize
595KB

MD5
96b2e5a77838ed4852d573464cbe75ca

SHA1
090320e370502a1d3358e69d50643954f9ca0379

SHA256
10811f2681b0128c2f7ca24a049eda319fb97b650c27f2c5a4b7f95038c32251

SHA512
624da5278423f33d593b53262629fa54065569c5aa7a2052b3cfd0f9c32147af269f64821186dc5e9ee6b2303ce33dd7db4a1ee2c4748dc3f9880668afad0c58

Download Submit
C:\Users\Admin\Desktop\ProtectLock.emz

Filesize
282KB

MD5
f4a8ce5c45ca524647d0db98c80e5ed7

SHA1
719b2072668309acdf3ae7bb17a24cabd58315b9

SHA256
a3ff22d49dac6543cd6ce02d42406389f38425e7aaa9acc1c997448f453987d0

SHA512
808309f9e2fd81affca60a0460a30191be6e8d45780bc6ac54b3a6badf949662804604612fa00e814b0e36d4a85bb4d00d9ffe3b874a73451bf60021e332f452

Download Submit
C:\Users\Admin\Desktop\PublishOpen.ocx

Filesize
470KB

MD5
f4f58990ddd9ffd24891bcd2515baf28

SHA1
3345e459bdc5a337bf6fe57246cf5aa966e56ba5

SHA256
5fcb4391bb2c85730b0c2b336d4b9e3fd72ceefdb9c81b4931fecbc4ffbb1295

SHA512
9af5f3d8a3b7773bbdf2eb35ed10b32eadd9171f038d84876f901554ab8b4961562b06ae67c37bc822c1ee6a6d3401c64fa32461b97289b6a74b5a97bf38e9a1

Download Submit
C:\Users\Admin\Desktop\PublishPing.pptx

Filesize
532KB

MD5
f644c3faa29b699b7367a20d61e76591

SHA1
08328829de7fa410154bfe7241a5a6ac5b94bf22

SHA256
bef66bfecd349337f7381ba394de8f3956372acf41b8428ec1aa5c0a92d35b6b

SHA512
6f54b34aea59e7223ee309df933beff7992b5f0e7487ebd7c794b1b2198f2af2da2699583db92fe32427bf47f2e6848e6abef23b51b8744cfb4cd3a9f8966c06

Download Submit
C:\Users\Admin\Desktop\RequestDeny.asf

Filesize
250KB

MD5
9960fec233540b7d98a5089467c788ed

SHA1
7856a656993403a7d397fe65ba0f96fa8a55fd9f

SHA256
8b7544cae5a80bc819ebb25e0598b96b54cc66ed82666818a3e9dbb766694932

SHA512
7f0ece4616c706246c34456f988db7990c40b328f704708545e7dff90ce487a67bbd3cbcd0023e7938a5e04e7581f0cc957886f53d781820b612bd36cc0e2125

Download Submit
C:\Users\Admin\Desktop\ResolveSplit.mht

Filesize
611KB

MD5
04d329a5dc5565c373fa2fb39499db99

SHA1
ad53f8e07cd0960341481bdf2d847990dbada1be

SHA256
62dac7ff3a8c734e0364fd6d1c7532a545d3f35f3c83f8615392afca4fed9e94

SHA512
b66911ee5471984978cfbe1c165c38590e8a12e3a9aad1d4b4194176fed509e1f31b7e4dcbf5efa4315f9abcbaf297bfe238428d5d61657864983ea26458d56c

Download Submit
C:\Users\Admin\Desktop\ResolveWrite.css

Filesize
297KB

MD5
52ec75b82c94e9345f498fbb1cbd5430

SHA1
fcd4f4591eda0cfb099fdd4dee6c425e799bcb88

SHA256
97a238b1872b6cd97a5340d527d86178976ff69e2fcab43dc5975bf4e41560be

SHA512
c82ef2421318109b2114a8c1458212b82636da13ebaa61a5b1070bf1835f81782bd652175e11a480a43b8471451516db800ee3751bb67a0a0bb6b14048a8e6fb

Download Submit
C:\Users\Admin\Desktop\ResumeExport.bmp

Filesize
548KB

MD5
d1cb555f61bd540cd35b113ec4b9b29b

SHA1
2d1c89a7837986ba7b38bacba740fae251ab68ea

SHA256
24dc7bf7fa7c03d3c066a6b0f18614b4ecfd1dbe4aeb39f324dc7e63435dd16c

SHA512
9f28e71a08a87b98b7545f9131c5a01a65d20080c00a812a26faa7982a3b3490960418dc3f976240fe791ab7722f47301b803f7ae1738942b36d5340587a027e

Download Submit
C:\Users\Admin\Desktop\SkipRegister.ods

Filesize
579KB

MD5
5f23b6dedf2cfa00df4a626f03f464f1

SHA1
0e783c6726171921f39c468dcbd872334228a3b6

SHA256
103e16c82fd5c7ab1aa1a28dc89cbbebf96291e541603781a18be8f34a8562dc

SHA512
841d386f28acbf0b4d04b4a905826bacaeae13c8d25f76a75a52e238057556b9d618998eea74868661954fdfa1c4c8eda2012ed435e59d2661e47ba76246a1e6

Download Submit
C:\Users\Admin\Desktop\StepMount.ADTS

Filesize
861KB

MD5
92f8f88bb8596c36ed26634908a2a3c1

SHA1
09a0aba252499d38b6b10c84c3ee5106f886d6d5

SHA256
b9e99a612fc23072943141bc6737843d3c709eef762d3a57cca5a613b0d6e8c5

SHA512
521ec55bc2be1009d13a218fadc94cf1d70a67b9eaaa3da48cefda620d0b1122ae75a18c90b233b18089c878451fb45d06d4064ff7ad5acff647d90a106d3a9e

Download Submit
C:\Users\Admin\Desktop\SuspendOut.xps

Filesize
626KB

MD5
e93ca4862137e37a9c781b791565dea7

SHA1
0af1ffa7ba03131862f8c2f7520c10b26b3f5672

SHA256
76b09c8300d7e74b854a292f22def79b258c2f1885c0ae8a7365266c28d040a8

SHA512
6f627ac41feabb75be79db73a9821f023edd0782e5e6cacbec9b7c5acc12bf51bb0c1937f0f0eb5221539778b4f26417775c62a1961ad67cac85b4bf949568a6

Download Submit
C:\Users\Admin\Desktop\TraceMerge.wmv

Filesize
438KB

MD5
3cd99f502b1a02addeeea9f374e778ca

SHA1
8354ef4359bfb31b68e69e5fc010bb58c40f88e7

SHA256
0def37baf7458ec7b2d9ca1db784960f5a8a9103b776be17f6c90e25bad2b0a9

SHA512
5bcc8bccf93105bc2bc7f9bc6eb8fa4ec5d30a78b477c2c04d680adfe920f58883751cb2c9c6098f88a1c4092d1c8c2880fcba2b9bc50ebc4ed99de45e69d4a0

Download Submit
C:\Users\Admin\Desktop\UnblockUnprotect.ram

Filesize
407KB

MD5
c528b17f18dd3e298ea6da93edb98f6e

SHA1
7a162222ebce1d730cc23235764d3271fb013e1f

SHA256
ae6c7271203ff249634eac187db688613486b6bca6fb1a2b13a72a4ca79a5567

SHA512
d728b07bd90b187629c1bb577700a9181692a12fc7a0b59ec4f1b23a8a99ce9ec84f7eca7be0d0aef72211f83408c851322db5c8133ae4235dfe7a7f3a43b36a

Download Submit
C:\Users\Admin\Desktop\UnpublishMount.wvx

Filesize
423KB

MD5
5cf18a40e3931893d1b2b2d4daad6ddc

SHA1
e8195c30df96ba825073d4568479b0c0758bcb61

SHA256
1a180fde83c4116effdc59be8915a042fe3fd33e9d53bcebe0ef95310b49c33a

SHA512
c7b9a44a17156209e1b7e515fcfedd5d4bdf4a1b8e738f0a18e78e5ec1d7eebc99760496ad050aa3bfdf601980b48fdf4cd9233d4391b273a4ac39bb0766c1ac

Download Submit
C:\Users\Admin\Desktop\UseUninstall.mpeg

Filesize
454KB

MD5
2c38a4c22c8970feb34d88666d69fc88

SHA1
f4e0a962007322651e9e02afa8a51de6c7424749

SHA256
e8eb5ec9f65bff555488367cd21539377cf150e93ac513fd2e30d4c92dbed17e

SHA512
2e905b9a7c76a9a12ef73272e4e9145b7ed446011d84e31e0c3fceced126aa06ef5012470a04498e586520120569c36aa1b4c062af62c7946265ae6717116808

Download Submit
C:\Users\Admin\Desktop\WaitApprove.lock

Filesize
235KB

MD5
5b694257d05ffeff7f6910a8b73af1f9

SHA1
22cd52c80268861cab074ba482444897186bd6fd

SHA256
2c3c95e12c3de0c15e16c08b5a6087e991a896ac4e9280e00b16447913e1311a

SHA512
9cac641d71c6e04b39e4f7dfe5a62399b03f6296ee2c04d807604db340db7833ef506393045fdf0d12810044724ba8f654424975409231d93444fa108b814ca6

Download Submit
C:\Users\Admin\Desktop\WaitLock.ico

Filesize
329KB

MD5
8571a02de2a722229febeca6f96b3faf

SHA1
26130a99bdcce4ea8bd8dad2bdb2c889e1304460

SHA256
dba499387bb67ad440ed763ae2f708467da79ebc186c77fcdc3e33aa05c227e1

SHA512
173866f6a9d893957c0a4fce9794019ebbaecfdabfdb70a2a3af6cd5f84e3846e84fdc732d08b34d7b98658d902e1594568e08039d318349419f4c74177f95c0

Download Submit
C:\Users\Admin\Desktop\WatchImport.mpeg3

Filesize
564KB

MD5
6c8af32c1c64a31022a50fc7a3821418

SHA1
c69a9ec76453d0909397e0641521b33dc372a1e9

SHA256
c8387c828de7c011f4d0ee69994b9ac3850d66551b7aa03bed871f0f34911b7f

SHA512
a9810278ac22dbac3a4745921d3e026d5dc7fcde1693fd03babe3484e92ef3bdfaf8831c0d672a9e338ce8ec661478f8fb0468d65b2dae0315e82d163431b809

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
2869642b73b53aa4f0035beaff47f2ef

SHA1
3c839057672e53a0ced2f786d23debf714c9bb3f

SHA256
1b49ca902c333b501f1bae88362879d54a124606a942961f21c3bbf5203d7541

SHA512
ee78d7c4a5466f4216cc5b740a10f84dd35ca59793822e2d420cd4bbeba79e808f52f5ead09aa70960c87f9fa3aff27249882874919863118d2ef68f797b6513

Download Submit
memory/588-86-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1456-54-0x000007FEFC141000-0x000007FEFC143000-memory.dmp

Filesize
8KB

Download