Resubmissions
04-12-2023 23:29  231204-3gsz7agb7z  10
22-11-2023 01:10  231122-bjkcaaac8w  10
13-06-2023 19:34  230613-x94phabc44  10
13-06-2023 17:37  230613-v7hm5shf83  10

Analysis
max time kernel: 210s
max time network: 215s
platform: windows10-2004_x64
resource: win10v2004-20231127-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-12-2023 23:29
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://51.79.49.73/crc/
Resource: win10v2004-20231127-en
General
Target: http://51.79.49.73/crc/
Malware Config
Extracted
quasar
1.4.1
Office04
192.168.109.1:1800
551312a4-69e2-49ef-a9fc-324282122b52
encryption_key: 2C8CD3E5B94023D4196F46D6FC4A100DF5B725FE
install_name: Client.exe
log_directory: Logs
reconnect_delay: 3000
startup_key: Quasar Client Startup
subdirectory: SubDir
Signatures

Quasar payload 4 IoCs
resource                                                                     yara_rule
behavioral1/files/0x0006000000023214-168.dat                                 family_quasar
behavioral1/files/0x0007000000023218-290.dat                                 family_quasar
behavioral1/memory/3676-363-0x00000000009A0000-0x0000000000CC4000-memory.dmp  family_quasar
behavioral1/memory/4148-400-0x0000000000360000-0x0000000000684000-memory.dmp  family_quasar
Downloads MZ/PE file

Executes dropped EXE 11 IoCs
pid   Process
1448  3.exe
3364  5.exe
4292  8.exe
5032  25.exe
3676  23.exe
3968  Project1.exe
3792  d.exe
3088  d.exe
4148  local.exe
3552  maikati.exe
3316  munqk.exe

Loads dropped DLL 2 IoCs
pid   Process
3088  d.exe
3088  d.exe

Detects Pyinstaller 1 IoCs
resource                                      yara_rule
behavioral1/files/0x000600000002321e-273.dat  pyinstaller
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Program crash 1 IoCs
pid   pid_target  Process       procid_target
4128  4292        WerFault.exe  186
Enumerates system info in registry 2 TTPs 3 IoCs
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
Modifies data under HKEY_USERS 2 IoCs
description      ioc                                                                                                     Process
Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                  chrome.exe
Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133462061909589487"  chrome.exe
Modifies registry class 1 IoCs
description  ioc                                                                                      Process
Key created  \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000_Classes\Local Settings  chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
pid   Process
3356  NOTEPAD.EXE
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
description            flow  ioc
HTTP User-Agent header  91    Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 6 IoCs
pid   Process
2624  chrome.exe
2624  chrome.exe
4644  chrome.exe
4644  chrome.exe
3836  powershell.exe
3836  powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid   Process
2624  chrome.exe
2624  chrome.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 28 IoCs
Suspicious use of SetWindowsHookEx 4 IoCs
pid   Process
4292  8.exe
3968  Project1.exe
3552  maikati.exe
3316  munqk.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://51.79.49.73/crc/
PID: 2624
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:3360
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:5112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2000
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:1100
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4860 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2128
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:3880
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:4468
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5776 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2672
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:820
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:4488
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2684
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:4296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:4704
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:3980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:1112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6112 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:1076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4644
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:2668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,9509628346407844983,12475297782398570736,131072 /prefetch:82⤵PID:1492
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\1.txt2⤵
- Opens file in notepad (likely ransom note)
PID:3356
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4416
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4308
-
C:\Users\Admin\Downloads\3.exe"C:\Users\Admin\Downloads\3.exe"1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:1448
-
C:\Users\Admin\Downloads\5.exe"C:\Users\Admin\Downloads\5.exe"1⤵
- Executes dropped EXE
PID:3364
-
C:\Users\Admin\Downloads\8.exe"C:\Users\Admin\Downloads\8.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4292 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 8162⤵
- Program crash
PID:4128
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4292 -ip 42921⤵PID:1904
-
C:\Users\Admin\Downloads\25.exe"C:\Users\Admin\Downloads\25.exe"1⤵
- Executes dropped EXE
PID:5032
-
C:\Users\Admin\Downloads\23.exe"C:\Users\Admin\Downloads\23.exe"1⤵
- Executes dropped EXE
- Suspicious use of SendNotifyMessage
PID:3676
-
C:\Users\Admin\Downloads\Project1.exe"C:\Users\Admin\Downloads\Project1.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3968
-
C:\Users\Admin\Downloads\d.exe"C:\Users\Admin\Downloads\d.exe"1⤵
- Executes dropped EXE
PID:3792 -
C:\Users\Admin\Downloads\d.exe"C:\Users\Admin\Downloads\d.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3088 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell "Add-MpPreference -ExclusionPath \"C:\\\""3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3836
-
-
-
C:\Users\Admin\Downloads\local.exe"C:\Users\Admin\Downloads\local.exe"1⤵
- Executes dropped EXE
PID:4148
-
C:\Users\Admin\Downloads\maikati.exe"C:\Users\Admin\Downloads\maikati.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3552
-
C:\Users\Admin\Downloads\munqk.exe"C:\Users\Admin\Downloads\munqk.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3316
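The PowerShell child of d.exe adds a Microsoft Defender exclusion for the whole C: drive, and the quoting it arrives with (`\"C:\\\"`) is exactly what a naive substring match on `-ExclusionPath "C:\"` misses. The following is an added example, not part of the sandbox report or of any tool it names: it splits process-creation command lines with the Windows argv rules, extracts every `-ExclusionPath` value, rates drive-root and top-level-directory exclusions as broad, and walks the parent chain back to the dropper in Downloads. The sample events, the list of directories treated as broad and the re-quoting step are assumptions for the example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcEvent:
    image: str    # executable path
    cmdline: str  # command line exactly as logged
    pid: int
    ppid: int

# Constructed sample shaped like the d.exe -> d.exe -> powershell branch above, plus a
# narrower vendor exclusion for contrast; not copied from any real log source.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Users\Admin\Downloads\d.exe", r'"C:\Users\Admin\Downloads\d.exe"', 3792, 1),
    ProcEvent(r"C:\Users\Admin\Downloads\d.exe", r'"C:\Users\Admin\Downloads\d.exe"', 3088, 3792),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell "Add-MpPreference -ExclusionPath \"C:\\\""', 3836, 3088),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r'powershell Add-MpPreference -ExclusionPath "C:\Program Files\Vendor\App"', 4000, 2),
]

def split_windows_cmdline(cmdline: str) -> list[str]:
    """Split like CommandLineToArgvW: quotes toggle splitting; before a quote, 2n backslashes
    give n backslashes and 2n+1 give n backslashes plus a literal quote."""
    args, cur, in_quotes, have_arg, i, n = [], [], False, False, 0, len(cmdline)
    while i < n:
        c = cmdline[i]
        if c == "\\":
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:              # odd run: the quote is literal, not a delimiter
                    cur.append('"')
                    j += 1
            else:
                cur.append("\\" * run)   # backslashes not followed by a quote are literal
            i, have_arg = j, True
        elif c == '"':
            in_quotes, have_arg, i = not in_quotes, True, i + 1
        elif c in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
                cur, have_arg = [], False
            i += 1
        else:
            cur.append(c)
            have_arg, i = True, i + 1
    if have_arg:
        args.append("".join(cur))
    return args

_VALUE = re.compile(r"""\"([^"]*)\"|'([^']*)'|([^\s,]+)""")

def extract_exclusion_paths(script: str) -> list[str]:
    """Every value passed to -ExclusionPath in PowerShell text (comma-separated lists too)."""
    paths = []
    for m in re.finditer(r"-ExclusionPath\s+", script, re.IGNORECASE):
        pos = m.end()
        while (v := _VALUE.match(script, pos)):
            paths.append(next(g for g in v.groups() if g is not None))
            pos = v.end()
            if pos < len(script) and script[pos] == ",":
                pos += 1
            else:
                break
    return paths

def is_broad_exclusion(path: str) -> bool:
    """Drive roots and a few top-level directories (assumed list, extend as needed) stop
    Defender scanning anything a dropper can write; rate those high."""
    p = path.strip().lower().rstrip("\\")
    return re.fullmatch(r"[a-z]:(?:\\(?:users|windows|programdata|temp))?", p) is not None

def ancestors(by_pid: dict, pid: int) -> list[ProcEvent]:
    chain, seen, pid = [], set(), by_pid[pid].ppid
    while pid in by_pid and pid not in seen:   # seen-set guards against PID reuse loops
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain

def find_defender_exclusions(events: list[ProcEvent]) -> list[dict]:
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        if not e.image.lower().endswith(("\\powershell.exe", "\\pwsh.exe")):
            continue
        argv = split_windows_cmdline(e.cmdline)
        # Re-assemble the script text after argv splitting; an argument that contained
        # whitespace is re-quoted so a path with spaces survives as one token (simplification).
        script = " ".join(f'"{a}"' if re.search(r"\s", a) else a for a in argv[1:])
        chain = ancestors(by_pid, e.pid)
        for path in extract_exclusion_paths(script):
            findings.append({
                "pid": e.pid, "path": path, "broad": is_broad_exclusion(path),
                "from_downloads": any("\\downloads\\" in a.image.lower() for a in chain),
                "chain": [f"{a.pid}:{a.image.rsplit(chr(92), 1)[-1]}" for a in chain],
            })
    return findings
```

Running `find_defender_exclusions(SAMPLE_EVENTS)` yields two findings: the `C:\` exclusion from PID 3836 is broad and descends from `3088:d.exe` and `3792:d.exe` under Downloads, while the vendor path from PID 4000 is narrow with no dropper in its lineage. The same split function applies to any Sysmon or EDR command-line field, where the escaped quotes look identical to the form in the tree above.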
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 6KB
  MD5: 39a5e1e218cfd57c41dccd2f08cbd5fc
  SHA1: 3815929e1d6bc06b4dab3f288bf3b70a49707ce2
  SHA256: 5898ecc7b81ddbbeebff0812bdac9c9f8a5d6fc8afe9309d281fc5b62e8dceec
  SHA512: b9ff4bbdec8409e24649353d5f0c045144b084b98a97617215cbf71bddd206b588f75f72b747cbdce51b8c9f633ff752a567ce5bc872b189e48f72bdffe42a2a

- Filesize: 6KB
  MD5: a9bff0759acd435f26c0b7a75bfb5752
  SHA1: 793306da7469e3ce374e6b46503aa672f5dd3e3d
  SHA256: 5d075172abc1b8f7132d8dbb23b80db11e458fc1f431d1464b2e51b516c3d70a
  SHA512: dbabd4a22bb85900134627f19d91d7c371912f6442771ccaaa16f3cc9b9634640fd4185fe225bf6ff235d2eda808b59a7df0f009841c304fdb20d8c4d1ddc752

- Filesize: 6KB
  MD5: 531f9b2d776071e69aa0ebc57fc77a6c
  SHA1: b08843f17d3618ad858e06e43e3b4bb9475307d4
  SHA256: 21a664bb27c58f8b13a77f4387d7e9a6d9cd2a66a13e1677ca30f60aacfc6e7a
  SHA512: 5112b56d8f63df001cf88c500dcd9bf0dda99712b0fae63d8632358ac9de35e6de5e06bf8260b670bdc895addcfa8baf51979b27e9f113188061c9033fd2ea58

- Filesize: 6KB
  MD5: 435496fc812729008da95aa47a26dd17
  SHA1: 486710da2a4a31a8e286bd20a764900c7774d251
  SHA256: 1d5724ade4920e0072c9064e389cd6b6ddfb1a7e9e4dd2f5bcb782ddf62f0186
  SHA512: 0b3ab7342e4318fe7e42e5f3ae65ce89ba571e59e77a4632a6a0fd06b58780613c14548392b1186178932721c390f05bb9c0b56b8968f91704cab897f12a5ca4

- Filesize: 6KB
  MD5: 2c2d3e16e7d04f4d45e5a2bf6ec100b8
  SHA1: 7d4166382cc76ded8a7bf50487c5d5423f72fd34
  SHA256: 86c5bdaa8b2d00ba49ad5472ba3271022664fc7ad7ea7a841b61aee7b1c4a66b
  SHA512: 2754ca882087d820e1da3e0180616f89e38c9dcf88ebe244cb274e02567e865e6a336c44f568f1ea9d6df51315f703a2771d2c8059fa9b0e1c5859017b692a2a

- Filesize: 6KB
  MD5: 76119e6b53d13111c6b2484b692449f8
  SHA1: aee49b3d579913634cb8e39e1e3048f8fc6bfe0e
  SHA256: d091947863af4e73709772bfb39d012db66cde326665325a6f86dd013a129a7e
  SHA512: ca1a354c090bd9ab89c6a7d140a636ba6964937bac561c766d82c6ecd71265e7b6e1878447888ef7070c07a51e7bac14955c49a34dc9b43d23e086a36ac112ef

- Filesize: 6KB
  MD5: c2cd53f0b7389db8c3944b705bfe529b
  SHA1: 350adeb08142d3bfc1938296a4822f56c008b2ec
  SHA256: 955dbc81774449b6cf3bab6a211368a4d942e5a9f650c1ab8bd22016be00e8c3
  SHA512: 38bbbb1e3f2092a87fde0be01ca0089df773948d4435a54c3d6da83759e80507f05e79fc75189354670eebdcfd47a4c9ada812d8ac9b1adfc5ebd21422e87ac2

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a16cdbfe-2afe-4ac3-8076-8f8c6f150a3a.tmp
  Filesize: 6KB
  MD5: 0af80a47237416763b5d81059c163350
  SHA1: 292aa798fbcff065fb2f989b24d80e74bfc05634
  SHA256: 3d60d3d929715b6eb2c70872194c5ae47fcc92adf22079075ffdbebf10a5f212
  SHA512: e1ac6fdf5fe735656acddd85698034b5dcee0fcfe7babfb825340b2a1bac5d7bdfe58fd0940ef8811e1986693c8ed492529eb865a3b4fd3c19e8e91e8755ff72

- Filesize: 115KB
  MD5: 81de6ec060521a552adc17bf7bb0bd64
  SHA1: 1360ca7320af147fb5e4db604b5d889e331cf822
  SHA256: 2a19dfc89ce10e27cd12be9ef3276e1d632233cfc386acd91646fc9adec332b5
  SHA512: 9099f38aaddc873471fbb4d26b14148ce1a6b2482c6ad75f80f1987f72d239db39ccd329b3b6f2a660bcb626f6aa439c9c207300c8b9e1fcabf296a22179e344

- Filesize: 109KB
  MD5: 2ddd8e5c4940304c51772fa8a2fc72ca
  SHA1: 2bfcc39a97ec70ea3f46425e3a1fee4509344b92
  SHA256: 8f5e0f5e7bb19d9003f48c1dfd7b1f749bf0f98e543b6dbd891604ffa996f70c
  SHA512: fa0b3d02aad572aab221ae6bc45cdc1f87dac2fd9b1b9f04789325dce869f187ea26a506a0b99dc739b0ad47ef2d634de19e29a073e65cdc3636d4aef5e04902

- Filesize: 103KB
  MD5: 7a14c960d1c1390a12b8c5c6d39bbc29
  SHA1: e92347cd6a2709a9094096515440fa7c27769582
  SHA256: 769db52624919cd40148e1c92741234ebd292e5def9a3eff5aa38a555dbdcf87
  SHA512: 50d3465144560d0bbffdcd4603e8686c485fc5271195c5e60e424fd2fb6db457a992b1141c9c88241f9230937f622db945ed97d1a83a6477a7a78dc5f8f453aa

- Filesize: 97KB
  MD5: 06ff89d65cf93cb8fd1d31c70839d6ca
  SHA1: 192bc017896ef4881f30e8bd1435e24addbc501c
  SHA256: cb634cf1ba7947f1ca0b28adfaa0d9bf178ffd682e443530abf26dd8c8e92278
  SHA512: a7a4e4c97290abd95a34c05c34ebc9f95937f204d2c8b1cbd41ea2bbfd0d135111bc0462a1710bf5bff5db0af54d6074823961aed169008b898f89fddb4b8ec0

- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

- Filesize: 60B
  MD5: d17fe0a3f47be24a6453e9ef58c94641
  SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
  SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
  SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

- Filesize: 3.1MB
  MD5: 97d1df08c744ffdcd02a0bb242654344
  SHA1: 19b48b4fab13e13b8a3bc337043a1630a97284a7
  SHA256: e555a713564a260d6dcd8ba4ebb6f096fb06ad7d3b240a0cd02b287f0da1da75
  SHA512: c88c0fb249c491d9c51e18bcb585bb5a6e150c3256c482b1855ae8353509f1e8d57e1402a28be890f81636c0cc6084e917631abd7ff34e37163e5af873ceb1ae

- Filesize: 92KB
  MD5: ae48e7e8e4dcb69076deaeb29c8b9e98
  SHA1: a2e1df3d578df711adeb3d2b45af11e4eb90eecf
  SHA256: 395422a2c7c25ab9826c66b1762e64d7b064e34c4efbd7922f1c85a1faf35c0c
  SHA512: 0899da196f621ce88b9d2763f011f1b16c1d8377ee6784b950a757886d9d11ab05647a99006d1999ddadbb83e40ea044ec7e772723b0477c730fc540d7d1a3ba

- Filesize: 180KB
  MD5: ec4b8e92690e262959a284545ea5bb17
  SHA1: 72f0cdd26d5c0b860af78e62b584e2252c7ca55a
  SHA256: 58f369b591eda0083a526592fb7d9bd3205d5c15e89ff78898614b4abab2001f
  SHA512: 2d1cf84dadc07d9158e55f8ce5cc2ed7b65b53a10fa2cda682f62a5815951509c9b6d64a7c89f538ab7036f8e01731236de4e125f56c0daa928556c09a820924

- Filesize: 430KB
  MD5: 9ed0f58186bbb5612d8b9cd1a4212fd0
  SHA1: 44d979c15dfac52d0a4bf188e5d40f084720c38c
  SHA256: 05ecc8ef9769cbbb379fa67b0dd66e810f20810fabe1b79b5861c3e6146772a9
  SHA512: 18edf02b6f825f9f6b94e542619f912cebd15627626bfa7299210b14cbf174c7b02222b8aa5a0c9c29efecf39c0f77dfa632ca8bf055b310973396ac405705d5

- Filesize: 20KB
  MD5: 93b136994058771682b8e1617ad39577
  SHA1: 57817a7f1ae6f0db222d6fc5d53704ba04d5c77f
  SHA256: 358523747d28c2319c95762032a29996c8e9176d9f3af683b5fa7d43c7342900
  SHA512: b453f6486a2de517c64b028b1d7a202d46131e19b871131dcb471afee406906759804af606242ba38e2e05012b8293140571302f4766d6e2fcaf9fc8aaf9a49a

- Filesize: 90KB
  MD5: d10fa279604ea404d5a901161a43d399
  SHA1: bfd951e6501ad4ca0a11aab52b66f00276e740c3
  SHA256: 877e947b92dacbc1dc4db88be91afbd760ec7026a5b6e0f4861a362355d64e90
  SHA512: 76286ffa2294784b3cdddcceb0fc74c5e986dbceff5772e0b8cb6e58faf40242ce3befa074e8db7506572d8c809fa30bc788cc9b304d11961233f6ea297d549b

- Filesize: 430KB
  MD5: 035c8f6c6e24918b3fd6ea15b1d7db97
  SHA1: 1bd2547dbd0419c181c114f9cd02d1cedf546dea
  SHA256: 6d149eb7fab909d086e33b2dcccc4ba9ee12ccea08f0a94eb7f7ff630bc99749
  SHA512: 0c707b3177e159592571de8da5247440616f9f0537dcee8c803ffc088ca6d9e33c88903e77fca2de5ae95576fa10fd678992f23914a0771ad7f59acd0b9a3ed9

- Filesize: 6.7MB
  MD5: 9d2595aae3159474cd1e406dec09d337
  SHA1: a53f1146d9b117eb4aed381977b96f12c5f28301
  SHA256: 0331d9e5a7cd6d5649660f91d7f980902d03f98ccad882fec4b7349125efa48f
  SHA512: 06d9c8fbd1a423b289c43b158dee55ee173d83bf4c5823b5fdefe999ca86c2c93e15fe34373af8713593e3e51c063204275bca1d0312b1392166f8bec901b0a8

- Filesize: 3.1MB
  MD5: f83f151af4fc879e060b8245d66a0290
  SHA1: 8d223eb9c95206b6bf19a1cc1dacab9367d0c785
  SHA256: f2b625e0b1608055f59bacfc71691a483943fbcc7b05431ecf3948ede6075ee2
  SHA512: abce8078171a5ff88216227317b839a1b2c00474dae57f668ae9b90a3b5f65d7467697c2145ddb318f0fb899f8ad0c1981330f238effe81d7bebc8c8bd0a7d1f

- Filesize: 430KB
  MD5: 546c3feb60e349a2c00e35de128670ec
  SHA1: 0ec6924030bae6fc3e986b7132a81c882dfd053f
  SHA256: a657f9efe2f82abb3f5adbd90e9cce0cda71769e39f301c2bce8bb214daab809
  SHA512: de4368f68b703a39e1b6e64f1a98bf23d2948bd0e694b737ca2dd29037cfdb7c8e85c828899203d5c55e1892a6557b77be6ed4c99d34ddee94d6494a3ebb15a2

- Filesize: 24KB
  MD5: 64fe9abde890656a734c3ec0008f1a5d
  SHA1: f38220f62d5dfc5c66e328421ceb384b8e4a53d6
  SHA256: 40bb96ac2e8818dbfe168dcf841f0ddea610c1a41b776acedab195fb6df8b29a
  SHA512: 5211c0b21ce87dd58342fa52196791a4294bf4565b48a388f72e6715065bcad929b2a97e4206918ec516f5ab4fc2859fcef7e95cb1fef975e57c5e44adf47bc2

- Filesize: 3.1MB
  MD5: 1335ea3b575ea12970ae595a60441d26
  SHA1: 189ee218a95b4a8203f8edb63e50b16fb3a81000
  SHA256: 58e825e9ba90117d194b592dca90ec50ca4cd171457b9afc69e210fd6e48bfe2
  SHA512: 136275b1f517f8e0e957d9c643c3b8a7bc8329b97d183e6f88fab10270922ab93efbc850a26e81f227998e759ba9ba4b994de260de929d5515c2c5b7527806bf

- Filesize: 430KB
  MD5: cdcae02be89bfde57d4b98ee2f780a16
  SHA1: 522ac2290ca00251edb22542a8f70e6540fbf8c6
  SHA256: 73f60aefeddf4bd9282b8e47e68953ce53f34033e4be836be06ea3a18dc7e2e0
  SHA512: 5930e19a1851e1215366f88af405037e4e07701e7ce0a25d15c932bf314bb9c71ec41557bcf76c5e932dbc1fcf7f8a9cf8cc21756b12c2a97d25fd4dd61dc34c
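Hash lists copied out of a sandbox report tend to arrive either with the label fused to the digest (`MD5<hex>`, `Filesize6KB`) or as labelled `Key: value` lines, and a truncated digest silently becomes a useless pivot. The following is an added example, not part of the report: a parser that accepts both layouts, converts the size to bytes, validates each digest's length for its algorithm, and only then emits the SHA256 set for blocklisting or enrichment. Two entries in the sample are copied from the list above; the third is constructed with a deliberately truncated SHA256 so the validation step has something to reject.

```python
import re

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
_HASH = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9A-Fa-f]*)$")
_SIZE = re.compile(r"^Filesize:?\s*(.*)$")
_SIZE_VALUE = re.compile(r"^(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)$", re.IGNORECASE)
_PATH = re.compile(r"^[A-Za-z]:\\")

# First two entries copied from the list above; the third is constructed and its
# SHA256 is 60 hex chars on purpose so validate() has something to flag.
SAMPLE = "\n".join([
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a16cdbfe-2afe-4ac3-8076-8f8c6f150a3a.tmp",
    "Filesize6KB",
    "MD50af80a47237416763b5d81059c163350",
    "SHA1292aa798fbcff065fb2f989b24d80e74bfc05634",
    "SHA2563d60d3d929715b6eb2c70872194c5ae47fcc92adf22079075ffdbebf10a5f212",
    "SHA512e1ac6fdf5fe735656acddd85698034b5dcee0fcfe7babfb825340b2a1bac5d7bdfe58fd0940ef8811e1986693c8ed492529eb865a3b4fd3c19e8e91e8755ff72",
    "-",
    "Filesize", "2B",
    "MD599914b932bd37a50b983c5e7c90ae93b",
    "SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f",
    "SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd",
    "-",
    "- Filesize: 3.1MB",          # constructed entry in the labelled layout
    "  MD5: " + "0" * 32,
    "  SHA256: " + "0" * 60,      # truncated on purpose
])

def size_to_bytes(size):
    """'6KB' -> 6144, '2B' -> 2, '3.1MB' -> 3250585; None when the value is missing or odd."""
    m = _SIZE_VALUE.match(size or "")
    if not m:
        return None
    mult = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}[m.group(2).lower()]
    return int(float(m.group(1)) * mult)

def parse_dropped_files(text: str) -> list[dict]:
    """One dict per entry; entries end at a '-' line, a blank line, a '- ' bullet or a new path."""
    records, cur, want_size = [], {}, False

    def close():
        nonlocal cur, want_size
        if cur:
            records.append(cur)
        cur, want_size = {}, False

    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("- "):
            close()
            line = line[2:].strip()
        if line in ("", "-"):
            close()
            continue
        if _PATH.match(line):
            close()
            cur["path"] = line
        elif (m := _SIZE.match(line)):
            want_size = not m.group(1)          # bare 'Filesize': value is on the next line
            if m.group(1):
                cur["size"] = m.group(1)
        elif want_size and _SIZE_VALUE.match(line):
            cur["size"], want_size = line, False
        elif (m := _HASH.match(line)):
            cur[m.group(1).lower()] = m.group(2).lower()
    close()
    for r in records:
        r["size_bytes"] = size_to_bytes(r.get("size"))
    return records

def validate(rec: dict) -> list[str]:
    """Problems that make an entry unsafe to pivot on: wrong digest length, no SHA256, no size."""
    problems = []
    for algo, n in HASH_LEN.items():
        if algo in rec and len(rec[algo]) != n:
            problems.append(f"{algo}: expected {n} hex chars, got {len(rec[algo])}")
    if "sha256" not in rec:
        problems.append("sha256: missing")
    if rec.get("size_bytes") is None:
        problems.append("size: unparsable or missing")
    return problems

def sha256_iocs(records: list[dict]) -> list[str]:
    """Deduplicated SHA256 values from entries that passed validation."""
    return sorted({r["sha256"] for r in records if not validate(r)})
```

Feeding the whole Downloads block to `parse_dropped_files` gives one record per entry; the path survives only where the report printed one, so it stays absent rather than being guessed. `validate` rejects the constructed third entry for its 60-character SHA256, and `sha256_iocs` therefore returns the two genuine digests only.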