Analysis
-
max time kernel
291s -
max time network
303s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
10-01-2023 18:27
Static task
static1
Behavioral task
behavioral1
Sample
WannaCrypt0r.zip
Resource
win7-20220812-en
windows7-x64
7 signatures
300 seconds
General
-
Target
WannaCrypt0r.zip
-
Size
3.3MB
-
MD5
e58fdd8b0ce47bcb8ffd89f4499d186d
-
SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03
-
SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
-
SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
-
SSDEEP
49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW
Score
6/10
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification \??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\pdffile_8.ico chrome.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid Process 1068 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 2768 chrome.exe 2752 chrome.exe 2252 chrome.exe 2260 chrome.exe 2560 chrome.exe 364 chrome.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe 1556 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1556 wrote to memory of 1656 1556 chrome.exe 28 PID 1556 wrote to memory of 1656 1556 chrome.exe 28 PID 1556 wrote to memory of 1656 1556 chrome.exe 28 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1264 1556 chrome.exe 29 PID 1556 wrote to memory of 1068 1556 chrome.exe 30 PID 1556 wrote to memory of 1068 1556 chrome.exe 30 PID 1556 wrote to memory of 1068 1556 chrome.exe 30 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31 PID 1556 wrote to memory of 792 1556 chrome.exe 31
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip1⤵PID:916
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1556 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5d34f50,0x7fef5d34f60,0x7fef5d34f702⤵PID:1656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1120 /prefetch:22⤵PID:1264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1068
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1756 /prefetch:82⤵PID:792
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:12⤵PID:540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2164 /prefetch:12⤵PID:608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:82⤵PID:1304
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3312 /prefetch:22⤵PID:1980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:12⤵PID:1168
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:82⤵PID:1624
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3764 /prefetch:82⤵PID:1608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1844 /prefetch:82⤵PID:2124
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 /prefetch:82⤵PID:2140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 /prefetch:82⤵PID:2132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4156 /prefetch:82⤵PID:2148
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:12⤵PID:2276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3252 /prefetch:82⤵PID:2348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=540 /prefetch:82⤵PID:2384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1516 /prefetch:12⤵PID:2420
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:12⤵PID:2464
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:12⤵PID:2564
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1584 /prefetch:12⤵PID:2624
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2752
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1216 /prefetch:82⤵PID:2780
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:82⤵PID:2880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 /prefetch:82⤵PID:2948
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:12⤵PID:1688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=724 /prefetch:12⤵PID:2164
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3120 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2252
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:12⤵PID:1292
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:12⤵PID:1476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=ppapi --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=1844 /prefetch:32⤵PID:2380
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4320 /prefetch:82⤵PID:2400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1604 /prefetch:12⤵PID:2316
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3644 /prefetch:82⤵PID:2448
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2560
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1076,13166344695462305492,18415041869959463891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:364
-