Analysis
- max time kernel: 110s
- max time network: 111s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-04-2024 05:07
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted
- Family: quasar
- Version: 1.4.1
- Botnet: Office04
- C2: 192.168.1.226:4782
- Mutex: aec627fa-aba4-45fa-a0fc-e456110a730a
- encryption_key: 7D414F9EC5601C94A757DDCDCF7C7A7809D8CFD0
- install_name: Client.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Quasar Client Startup
- subdirectory: SubDir
Signatures
- Quasar payload (2 IoCs)
  resource / yara_rule:
  C:\Users\Admin\Downloads\RyansProject.exe  family_quasar
  behavioral1/memory/6892-331-0x00000000009A0000-0x0000000000CC4000-memory.dmp  family_quasar
- Executes dropped EXE (2 IoCs)
  Processes: RyansProject.exe, Client.exe
  pid / process:
  6892  RyansProject.exe
  7504  Client.exe
- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  Processes: taskmgr.exe
  description / ioc / process:
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000  taskmgr.exe
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  taskmgr.exe
  Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName  taskmgr.exe
- Creates scheduled task(s) (1 TTPs, 2 IoCs)
  Schtasks is often used by malware for persistence or to perform post-infection execution.
  Processes: schtasks.exe, schtasks.exe
  pid / process:
  7624  schtasks.exe
  8084  schtasks.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description / ioc / process:
  Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description / ioc / process:
  Key created  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573720909907006"  chrome.exe
- Modifies registry class (1 IoCs)
  Processes: chrome.exe
  description / ioc / process:
  Key created  \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings  chrome.exe
- Suspicious behavior: EnumeratesProcesses (36 IoCs)
  Processes: chrome.exe, taskmgr.exe
  pid / process (36 rows):
  3876  chrome.exe  (2 rows)
  7192  taskmgr.exe  (34 rows)
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes: 7zFM.exe
  pid / process:
  7384  7zFM.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (54 IoCs)
  Processes: chrome.exe
  pid / process (54 rows):
  3876  chrome.exe  (54 identical rows)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe, 7zFM.exe
  description / pid / process (64 rows):
  Token: SeShutdownPrivilege  3876  chrome.exe
  Token: SeCreatePagefilePrivilege  3876  chrome.exe
  (the two chrome.exe rows above alternate for 61 of the 64 rows; the remaining three rows are the 7zFM.exe rows below, interleaved among them)
  Token: SeRestorePrivilege  7384  7zFM.exe
  Token: 35  7384  7zFM.exe
  Token: SeSecurityPrivilege  7384  7zFM.exe
- Suspicious use of FindShellTrayWindow (64 IoCs)
  Processes: chrome.exe, 7zFM.exe, taskmgr.exe
  pid / process (64 rows):
  3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 7384 7zFM.exe 7384 7zFM.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe
- Suspicious use of SendNotifyMessage (64 IoCs)
  Processes: chrome.exe, taskmgr.exe
  pid / process (64 rows):
  3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 3876 chrome.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe 7192 taskmgr.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: Client.exe
  pid / process:
  7504  Client.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe
  description / pid / process / target process (64 rows):
  PID 3876 wrote to memory of 1936 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 1936 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 372 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 772 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 772 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe PID 3876 wrote to memory of 2040 3876 chrome.exe chrome.exe
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3876)
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://easyupload.io/cbm5st
  Signatures:
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1936)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9533c9758,0x7ff9533c9768,0x7ff9533c9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 372)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 772)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2040)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3080)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2928)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3032)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5056)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4972 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4236)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5276 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3988)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5404 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3852)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2372)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2864)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6352 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1960)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5872 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4600)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4056)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6452 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4792)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6472 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4836)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6740 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 628)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6756 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1176)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6920 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3644)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6944 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4780)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6952 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2020)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7232 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2332)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7244 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5668)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8072 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5748)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7100 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5884)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8208 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6024)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7268 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6128)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8624 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6172)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6252)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8960 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6364)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9376 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6484)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9340 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6496)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4992 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6644)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9728 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9588 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6816)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10064 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6924)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10172 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7004)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10312 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6356)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10264 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6384)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10324 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7088)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10708 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7124)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10468 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7476)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4716 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7504)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4692 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10660 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7580
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10336 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7688
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10556 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7720
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10168 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7764
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9672 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7884
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9712 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7960
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9500 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:8036
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10568 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:8092
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11248 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:2956
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10520 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:5076
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10504 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:760
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9036 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:82⤵PID:6272
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10428 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:82⤵PID:6500
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:82⤵PID:6800
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RyansProject.rar"2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:7384 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=748 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:5280
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=6668 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:5692
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9904 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:82⤵PID:4348
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:82⤵PID:6296
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5644 --field-trial-handle=1820,i,15116814464674046172,11528217011646886192,131072 /prefetch:12⤵PID:7028
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:4640
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:7744
-
C:\Users\Admin\Downloads\RyansProject.exe"C:\Users\Admin\Downloads\RyansProject.exe"1⤵
- Executes dropped EXE
PID:6892 -
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f2⤵
- Creates scheduled task(s)
PID:7624 -
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7504 -
C:\Windows\SYSTEM32\schtasks.exe"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f3⤵
- Creates scheduled task(s)
PID:8084
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7192
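The persistence chain in the tree above (a binary in the user's Downloads folder registers an ONLOGON task with /rl HIGHEST pointing into %APPDATA%, launches that dropped binary, and the dropped binary registers the same task again) is a pattern worth hunting for in process-creation telemetry. The following is an added example, not part of the sandbox report or of any tool it names: it parses `schtasks /create` command lines and correlates each with its parent and sibling processes. The events are constructed from the report's PIDs and command lines; the parent links follow the tree's nesting, the parent of the top-level RyansProject.exe (PID 4000 here) is not in the report and is assumed, and the daily updater task is a made-up benign control.

```python
"""Hunt for schtasks-based persistence chains in process-creation events.
Added example; constructed events modelled on the report's process tree."""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# Command line copied from the report (both schtasks instances use it verbatim).
QUASAR_TASK = (r'"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON '
               r'/tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f')

# Constructed events. PIDs/paths are from the report; ppid 4000 for the
# top-level dropper is an assumption (its parent is not shown in the tree).
EVENTS: List[ProcEvent] = [
    ProcEvent(6892, 4000, r"C:\Users\Admin\Downloads\RyansProject.exe",
              r'"C:\Users\Admin\Downloads\RyansProject.exe"'),
    ProcEvent(7624, 6892, r"C:\Windows\SYSTEM32\schtasks.exe", QUASAR_TASK),
    ProcEvent(7504, 6892, r"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe",
              r'"C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"'),
    ProcEvent(8084, 7504, r"C:\Windows\SYSTEM32\schtasks.exe", QUASAR_TASK),
    # Constructed benign control: daily task whose action lives under Program Files.
    ProcEvent(9001, 9000, r"C:\Windows\SYSTEM32\schtasks.exe",
              r'schtasks /create /tn "ExampleUpdater" /sc DAILY /tr "C:\Program Files\Example\update.exe" /f'),
]

# Locations an unprivileged user can write to; a task action here is a red flag.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(appdata|downloads|desktop|documents|temp)\\", re.I)


def in_user_writable(path: str) -> bool:
    return bool(USER_WRITABLE.match(path))


def parse_schtasks(cmdline: str) -> Optional[Dict[str, str]]:
    """Return the /tn, /sc, /tr and /rl values of a `schtasks /create` line, else None.
    posix=False keeps Windows backslashes literal and leaves the quotes on each
    token, which are then stripped."""
    toks = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    if not toks:
        return None
    exe = toks[0].lower()
    if not (exe.endswith("schtasks") or exe.endswith("schtasks.exe")):
        return None
    lowered = [t.lower() for t in toks]
    if "/create" not in lowered:
        return None
    opts: Dict[str, str] = {}
    for i, t in enumerate(lowered):
        if t in ("/tn", "/sc", "/tr", "/rl") and i + 1 < len(toks):
            opts[t[1:]] = toks[i + 1]
    return opts


def assess_task(opts: Dict[str, str]) -> List[str]:
    """Reasons the task definition by itself looks like user-level persistence."""
    reasons = []
    if opts.get("sc", "").upper() == "ONLOGON":
        reasons.append("runs at logon")
    if opts.get("rl", "").upper() == "HIGHEST":
        reasons.append("requests highest run level")
    if in_user_writable(opts.get("tr", "")):
        reasons.append("action in user-writable path")
    return reasons


def find_persistence_chains(events: List[ProcEvent],
                            threshold: int = 3) -> List[Tuple[int, str, List[str]]]:
    """Correlate every schtasks /create event with its parent and its siblings."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        opts = parse_schtasks(e.cmdline)
        if opts is None:
            continue
        reasons = assess_task(opts)
        target = opts.get("tr", "").lower()
        parent = by_pid.get(e.ppid)
        if parent and in_user_writable(parent.image):
            reasons.append("spawned by binary in user-writable path")
        if parent and parent.image.lower() == target:
            reasons.append("registered by the task's own target (self re-registration)")
        elif any(s.ppid == e.ppid and s.image.lower() == target for s in events):
            reasons.append("same parent also launched the task target directly")
        if len(reasons) >= threshold:
            findings.append((e.pid, opts.get("tn", ""), reasons))
    return findings


if __name__ == "__main__":
    for pid, name, why in find_persistence_chains(EVENTS):
        print(f"schtasks PID {pid}, task {name!r}: " + "; ".join(why))
```

Run against the constructed events, both schtasks instances (PIDs 7624 and 8084) are flagged with all five reasons and the benign updater task is not. One caveat from the report itself: PID 7504 appears twice in the tree (a Chrome renderer with client id 46 and Client.exe), so on real telemetry the `by_pid` lookup should key on a process GUID (for example Sysmon's ProcessGuid) rather than a bare PID.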
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- Filesize: 1KB
  MD5: 575950233722153f56167d98ad959144
  SHA1: 917947a4c96a09076deccca299fc334a6dce0f9d
  SHA256: f6034726bfbf814d6e0f01628f8094d44d7d62576fd1b39bcf6696b6e79eecc5
  SHA512: 2502bdefde351a3489bb1a8719149b84b7f610f5448d97d487aeff390518eac00f293bab8245a3cfb500dbb6615a1aef95ef1b83e4e341a7d80e526f613c4f3a
- Filesize: 1KB
  MD5: de14cfb351687c0ae0183021724809d2
  SHA1: 77bcb04a01b68fe00748936c575484fcb3ca8323
  SHA256: 712a40ec6ad5da6d51a16f9445a9e8d6748192611ddff25cc30499c26fd57ced
  SHA512: 1699287a290e4aeb28178afae3450a28c2aa693f8b19a5452bebceaf9a71d8addb219d5f2b8f5d329e9d92e004fabf868ec0f8484451bef12cfe2236f1ab7d09
- Filesize: 1KB
  MD5: 29eab28c08ecf616fcf6b6201918f07e
  SHA1: 8c0c0489b70b346e53b6fc816ff001cceff5c0d8
  SHA256: c0ea4a9a99ca90cf76fb075aadc85291d250eb4ac42aae8d0f1b011a6c6ce4ae
  SHA512: a2d407e8f973c38262eb0a00eff784f27e360316afd4a251dd90a3bfa81ec599a04e932255f92d8bc55fa8a5fc6b5c76c8b1e4d7352098f0139248fa480c630b
- Filesize: 14KB
  MD5: 917e27520ce9076378d4ecfab9e2d7db
  SHA1: e78dc2b58ca579269f1b74cb9cb770cf19bc4dbc
  SHA256: fce3055a6fe74b6f25c6e4adb06e980ccb7a190442aa6ff2818b9a946f35730d
  SHA512: 2831d979a80fa232403b0ae0f16d92b2e2626e65ead446f271bc28c91bfb652297705e6cde47e3c7f23ec9440a4c9ceb4f067fd867fb74580a17fa363b8ab91c
- Filesize: 2KB
  MD5: d4a9cfdc7dccd16469e56745f5d19b5f
  SHA1: 2fb78146d78c991941c3e536a1b68af943a15016
  SHA256: 0b9906de076030e564a6e471f7a833020240d4ef303528990e2fc5b848b6e73d
  SHA512: 245f3d1da6f9fe5f681240358e6ea4122daaad760abef86958f8590b9378d4bfbc6c2faab75adfa33e9f7a648f976a8b4258f846f445b43fb96f0bec813bc38c
- Filesize: 5KB
  MD5: c37c2c3e85d7e794e6591216a98dc83b
  SHA1: 54160ba732e9f391b71550791997cae2d25c0fa9
  SHA256: 70db338c3fef0b90c509bdefcde502dee65b4f30000f6196fa694ab2deda6a5b
  SHA512: 7388fd498479cd149dcef41b217b1091ec514b3da6b0959840f92dde19fafb745a629078260fb0d3026434c133775f59ac82faded1e21b903d3392092ac99c87
- Filesize: 4KB
  MD5: 4b70f44abd30c268b3854351b8873a81
  SHA1: ce6d96bb0fa7d83ca6c2b41c8aea0833e0b01e57
  SHA256: d5db848cfe74a90465e1f2afb56206d55d7b597463b64ea6b6dfa71e5b998539
  SHA512: 7d2e60bd248b03aa4e2eb6fcb181ed6d4dc560878aeb2769e339941e3bf2e716191df3458057a183f037ff8022d3c29244ae08d09ca8658946b6f82eb1b24658
- Filesize: 6KB
  MD5: a7286daa4736fe3a0f3832d330dc743c
  SHA1: 9296356f692aa9bb77e88d0daf72cfadf370f26e
  SHA256: b20e6aba4dc2aba2d1a11a5c63234802fe08f89ae565e4c319e13009cd3afc20
  SHA512: d881260dd5850c0f5a020d63d40608e45466d69b698ab1d58ba18d49ad29eaeee62d0bf90c961d920cfd73829bdd0208539a2aef9903337e0d258106c85ee085
- Filesize: 7KB
  MD5: 11f88c9ecb2c898ef348ad18c2c44246
  SHA1: c44e8570ee87a700c6b7e9b2ad560907b2d44228
  SHA256: 93870f66f59af1743df030d0a5d156456444c1c045bb2e73670f30ca130db68a
  SHA512: ec7bbcbd0397ec4bceb62c4e5fd308bf8bc31ec3c4afd590a072332d54f8a9369512ac329526fc5915e69c638e3b913f28a22c70d91a52b45b7eb806bd3c5c79
- Filesize: 6KB
  MD5: cc764f1cfc960924912263aa818d502f
  SHA1: 982c077bf32080a8254e832d3a1d78468e0d7d1b
  SHA256: e27d21e22a49f723ae43ab90ab6230b349d7564bfb1a4d6877879f8e2f73bf9b
  SHA512: 5562433d0e4d9e3ac13e0c7b15ecbe8d2aebba1dbd975c2f8ba447f7687762c15d26836408d7a9fa840ee7bc75b3ed39a48f377919587022a73eeef0369d83aa
- Filesize: 128KB
  MD5: f8aa2440bfe79d992b0f60220cd49ced
  SHA1: 9b0fa98bd3354c5596a154485fc2225e1223c19d
  SHA256: a1c48f34b53ad2ec50a8a0766f33becc2db9b68b0f0d7be3f23b800cb2a9dd45
  SHA512: 5001299f1c9d1bcacf77b65a4de2cd8e72f5225da192b53d84d24472ea055fad86df5934a8fe237ef299bc8d7e9c3d8ac3277c9c9a3182b2141b504ae485082c
- Filesize: 128KB
  MD5: ea77c486ad630e92a3160dadf3d91f9b
  SHA1: b80f9a6811d2e4fd6c4debf55f056b2088d158d3
  SHA256: 16cbd78c6f826b2d86f64698c0e4512ff9076ca2169cd653bd460cca518db9ed
  SHA512: 8533f2e0dc107d9bc258f903b8c842e58699d00f1b7c77aedd4f727f33306bb5e24ec2304e313f4363d8f4a53dacd16f34116091151676a38a031cbc5f44dd56
- Filesize: 117KB
  MD5: 8c03c13632b1af6bf07325516db44903
  SHA1: 2b208c13444ebeae43a35db8b083d193b08bba5d
  SHA256: 2e2b0669d7bb1f94e6d2c6ab344e22f40b857c544ac17273914299308741049d
  SHA512: 0136b7eceba95c35a915b92a2eb9ebd1fb9842cb5a10ef7d2c29db99037934e3cd6f8d46ed0e698f9752c61d503fd224e0438149195fbe8d8a062889b461c392
- Filesize: 104KB
  MD5: 08013f933d042c2e654f4f7d2ea2420a
  SHA1: cde6f69a0b77a3c0f3392daa16971cd48b7821d2
  SHA256: 3885d0395a532ddbec2146c7496fde9e22e49a7ed086d63da0f6f13f7c841551
  SHA512: c605b477d3295cadc2fcd8dfdf2a1621c5b70a182f1fbb4fd5e7f658f8e597c0b2ff73c45065a590f85e5ecf104b5a14cbc65142444cb6fbfd76e3ddf460bd6c
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: 3.1MB
  MD5: 20edba711349a03803c2f96bbbe18b39
  SHA1: 675607f2c3510c35ea0784c1051e3a96c3b44416
  SHA256: 8e3077a2601f2727d79389b445d9e90336a0055c0f5a7ce330cbd4006876f1f9
  SHA512: 85130c87a19dc29bb6b6c26aea68f7173bf0df69c2a4b80e90bc2e14c19acdb1457f680e69d75c916fe7d546c470da5bb38b970843b33feda74847f5a675ee4e
- Filesize: 1.0MB
  MD5: 44d6e8a53cff50cc3363e729ce3ecb04
  SHA1: c9b66072ab2179194baee927b4ab04d43d64ddf5
  SHA256: 17f1c062b320bd3c8b938a07f9518affaf837fc253fe20c624187faa114938ae
  SHA512: a93a888e5438c9a1d7453874da93d6aa860fd92be616d4a349870f025c3c79ab3ed24403f635d3e1496799930ac08c9c1f58cf0580720a70bbf43c2aaad11189
- Filesize: not listed (these four digests are the well-known hashes of empty input, so this entry is a zero-byte file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e