64958959324fadb7b0ef58c89464bf652f00fd2c01e3301dae2514e41865203d

Resubmissions

13/10/2023, 23:39

231013-3njebsgh23 7

13/10/2023, 23:33

231013-3jzwhsgg73 6

Analysis

max time kernel
302s
max time network
333s
platform
windows10-2004_x64
resource
win10v2004-20230915-es
resource tags

arch:x64arch:x86image:win10v2004-20230915-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/10/2023, 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

steam_appid.txt
Size

7B
MD5

5f62f86ea8d73ea50ccfbd23a2de64d4
SHA1

b5fad218868428794a8e9e6ad2f2982e79d00309
SHA256

64958959324fadb7b0ef58c89464bf652f00fd2c01e3301dae2514e41865203d
SHA512

cfdf8691a13c19a7efccc5ea300e114bf309fbe8db37c2406d48d4b1354780ccd6d78e988d9589b604c7a61e6da201af8c685b4e571ec6f5ccb9de2756be25d4

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
964	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
724	chrome.exe
724	chrome.exe
724	chrome.exe
2260	taskmgr.exe
2260	taskmgr.exe
5788	MEMZ.exe
5788	MEMZ.exe
3984	MEMZ.exe
7148	MEMZ.exe
7148	MEMZ.exe
3984	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
7148	MEMZ.exe
7148	MEMZ.exe
3984	MEMZ.exe
3984	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
7148	MEMZ.exe
3984	MEMZ.exe
3984	MEMZ.exe
7148	MEMZ.exe
5788	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
6544	MEMZ.exe
3984	MEMZ.exe
2796	MEMZ.exe
3984	MEMZ.exe
2796	MEMZ.exe
6544	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
5788	MEMZ.exe
7148	MEMZ.exe
7148	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
3984	MEMZ.exe
3984	MEMZ.exe
6544	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
6544	MEMZ.exe
3984	MEMZ.exe
3984	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe
7148	MEMZ.exe
7148	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
6544	MEMZ.exe
5788	MEMZ.exe
7148	MEMZ.exe
2796	MEMZ.exe
2796	MEMZ.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2260	taskmgr.exe
Token: SeSystemProfilePrivilege	2260	taskmgr.exe
Token: SeCreateGlobalPrivilege	2260	taskmgr.exe

Suspicious use of FindShellTrayWindow 15 IoCs

pid	Process
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
6544	MEMZ.exe
5788	MEMZ.exe
3984	MEMZ.exe
7148	MEMZ.exe
2796	MEMZ.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 5788	4268	MEMZ.exe	213
PID 4268 wrote to memory of 5788	4268	MEMZ.exe	213
PID 4268 wrote to memory of 5788	4268	MEMZ.exe	213
PID 4268 wrote to memory of 7148	4268	MEMZ.exe	214
PID 4268 wrote to memory of 7148	4268	MEMZ.exe	214
PID 4268 wrote to memory of 7148	4268	MEMZ.exe	214
PID 4268 wrote to memory of 3984	4268	MEMZ.exe	215
PID 4268 wrote to memory of 3984	4268	MEMZ.exe	215
PID 4268 wrote to memory of 3984	4268	MEMZ.exe	215
PID 4268 wrote to memory of 6544	4268	MEMZ.exe	216
PID 4268 wrote to memory of 6544	4268	MEMZ.exe	216
PID 4268 wrote to memory of 6544	4268	MEMZ.exe	216
PID 4268 wrote to memory of 2796	4268	MEMZ.exe	217
PID 4268 wrote to memory of 2796	4268	MEMZ.exe	217
PID 4268 wrote to memory of 2796	4268	MEMZ.exe	217
PID 4268 wrote to memory of 856	4268	MEMZ.exe	218
PID 4268 wrote to memory of 856	4268	MEMZ.exe	218
PID 4268 wrote to memory of 856	4268	MEMZ.exe	218

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\steam_appid.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:944

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4608 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4856 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=5484 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=4896 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2236 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=5752 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=5860 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6792 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6944 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6540 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6396 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6248 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=6224 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=6120 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5276 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=7568 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=7344 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=7316 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=7964 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=7932 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=8228 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=7072 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=8824 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=8828 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=9020 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=8568 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=9152 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=8836 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9720 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9708 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=7804 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=9732 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:1144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=6884 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=9744 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9412 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --mojo-platform-channel-handle=7040 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=9844 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=6360 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=9188 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8656 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:6252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7732 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:6244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=8348 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=5216 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --mojo-platform-channel-handle=6312 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=6532 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7216 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:6872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=3460 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=6676 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=7256 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=10332 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --mojo-platform-channel-handle=8948 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=6012 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=8120 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=8056 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:7148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=6164 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x2f4
1⤵
PID:5540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --mojo-platform-channel-handle=8692 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=5200 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=5068 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=8888 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=10092 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=7780 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=8408 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=8420 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=6372 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=10156 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=1640 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=3316 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=8708 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=5836 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=5948 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=8124 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:2504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=7144 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9104 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:2
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=9872 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=8952 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=1896 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=1792 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=3120 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8120 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8348 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:3152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=10260 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=9144 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=8396 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=5676 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=4592 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:7080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=7824 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:7124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7260 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:6252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6736 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:6220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=4656 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:5368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=7192 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10136 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3840 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7768 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5532 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:8
1⤵
PID:3812

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5788
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:7148
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3984
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6544
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2796
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:856
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:1840

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2260

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:7136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --mojo-platform-channel-handle=4728 --field-trial-handle=1916,i,1148034355684978104,3415940179802755927,131072 /prefetch:1
1⤵
PID:6156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2260-4-0x000001D361480000-0x000001D361481000-memory.dmp

Filesize
4KB

Download
memory/2260-5-0x000001D361480000-0x000001D361481000-memory.dmp

Filesize
4KB

Download
memory/2260-6-0x000001D361480000-0x000001D361481000-memory.dmp

Filesize
4KB

Download