Malware Analysis Report

2025-04-14 05:06

Sample ID 230111-lpen4aff3z
Target hood fighting.lua
SHA256 d37e1cf29ba447f8d5e8f3e27be0485c986115b8280bbd5b9c57bbfe70beccd5
Tags
asyncrat quasar office04 discovery evasion persistence ransomware rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

d37e1cf29ba447f8d5e8f3e27be0485c986115b8280bbd5b9c57bbfe70beccd5

Threat Level: Known bad

The file hood fighting.lua was found to be: Known bad.

Malicious Activity Summary

asyncrat quasar office04 discovery evasion persistence ransomware rat spyware stealer trojan

Modifies Windows Defender Real-time Protection settings

Quasar payload

Modifies system executable filetype association

AsyncRat

Quasar RAT

Async RAT payload

Registers COM server for autorun

Executes dropped EXE

Downloads MZ/PE file

Windows security modification

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

Looks up external IP address via web service

Drops desktop.ini file(s)

Drops file in System32 directory

Drops file in Program Files directory

Program crash

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Runs regedit.exe

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Creates scheduled task(s)

Delays execution with timeout.exe

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Runs ping.exe

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-11 09:42

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-11 09:42

Reported

2023-01-11 10:12

Platform

win10v2004-20220812-en

Max time kernel

1810s

Max time network

1803s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe"

Signatures

AsyncRat

rat asyncrat

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR C:\Program Files\WinRAR\uninstall.exe N/A

Quasar RAT

trojan spyware quasar

Quasar payload


Async RAT payload

rat

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
N/A N/A C:\Program Files\WinRAR\uninstall.exe N/A
N/A N/A C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\ChromeRecovery.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Downloads\Client-built.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Users\Admin\Downloads\not.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\AsyncClient.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jehavv.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" C:\Program Files\WinRAR\uninstall.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\AsyncClient.exe N/A

Loads dropped DLL


Reads user/profile data of web browsers

spyware stealer

Windows security modification

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\users\admin\desktop\desktop.ini C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\SubDir\Client.exe C:\Users\Admin\Downloads\Client-built.exe N/A
File opened for modification C:\Windows\system32\SubDir\Client.exe C:\Users\Admin\Downloads\Client-built.exe N/A
File opened for modification C:\Windows\system32\SubDir C:\Users\Admin\Downloads\Client-built.exe N/A
File opened for modification C:\Windows\system32\SubDir\Client.exe C:\Windows\system32\SubDir\Client.exe N/A
File opened for modification C:\Windows\system32\SubDir C:\Windows\system32\SubDir\Client.exe N/A
File created C:\Windows\system32\SubDir\Client.exe C:\Users\Admin\Downloads\asdada.exe N/A
File created C:\Windows\system32\SubDir\Client.exe C:\Users\Admin\Downloads\asdada.exe N/A
File created C:\Windows\system32\SubDir\Client.exe C:\Users\Admin\Downloads\asdada.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Default64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Descript.ion C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\7zxa.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\manifest.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\zipnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File opened for modification C:\Program Files\WinRAR\ReadMe.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\rarnew.dat C:\Program Files\WinRAR\uninstall.exe N/A
File created C:\Program Files\WinRAR\WhatsNew.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Zip.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinCon64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\_metadata\verified_contents.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\_metadata\verified_contents.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\ChromeRecovery.exe C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\manifest.json C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File created C:\Program Files\WinRAR\Order.htm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarFiles.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Default64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinCon64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinRAR.chm C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\ChromeRecoveryCRX.crx C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Rar.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Uninstall.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\WinRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExt32.dll C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtInstaller.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\RarExtPackage.msix C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File opened for modification C:\Program Files\WinRAR\Default.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Rar.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Uninstall.lst C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\WinCon.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Zip64.SFX C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\UnRAR.exe C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_240687609 C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\License.txt C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
File created C:\Program Files\WinRAR\Resources.pri C:\Users\Admin\Downloads\winrar-x64-611.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files\WinRAR\WinRAR.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files\WinRAR\WinRAR.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\WinRAR\WinRAR.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\WinRAR\WinRAR.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "4" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\0\MRUListEx = ffffffff C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\1 C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Pictures" C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.xxe C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616209" C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\0\1\MRUListEx = ffffffff C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r23\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r04\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r17 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 78003100000000000c5519991100557365727300640009000400efbe874f77482b5655552e000000c70500000000010000000000000000003a00000000008714af0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239} C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r07 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r21\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r14 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 14002e8005398e082303024b98265d99428e115f0000 C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r05 C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r26\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 66003100000000002b56485610005155415341527e312e3000004c0009000400efbe2b560a562b5648562e0000006830020000000b0000000000000000000000000000005dd652005100750061007300610072002000760031002e0034002e00300000001a000000 C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r28\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\explorer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tbz C:\Program Files\WinRAR\uninstall.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx\ = "WinRAR" C:\Program Files\WinRAR\uninstall.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command C:\Program Files\WinRAR\uninstall.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A

Runs regedit.exe

Description Indicator Process Target
N/A N/A C:\Windows\regedit.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Users\Admin\Downloads\asdada.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A
N/A N/A C:\Windows\system32\SubDir\Client.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Client-built.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\SubDir\Client.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\asdada.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\asdada.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\asdada.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\not.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\SubDir\dded.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\AsyncClient.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
N/A N/A C:\Users\Admin\Downloads\winrar-x64-611.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Program Files\WinRAR\WinRAR.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1324 wrote to memory of 4528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1324 wrote to memory of 4528 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 4540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 4540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 1268 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4204 wrote to memory of 1372 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4056 wrote to memory of 4820 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\hood fighting.lua"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdd394f50,0x7ffbdd394f60,0x7ffbdd394f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbdd394f50,0x7ffbdd394f60,0x7ffbdd394f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbdd394f50,0x7ffbdd394f60,0x7ffbdd394f70

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,16331096867633163269,10387827086053722216,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,4476112152743828180,2473025229749395154,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,16331096867633163269,10387827086053722216,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1964 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,4476112152743828180,2473025229749395154,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1960 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4732 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4660 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5740 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5984 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5864 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3724 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3188 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6288 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-611.exe

"C:\Users\Admin\Downloads\winrar-x64-611.exe"

C:\Program Files\WinRAR\uninstall.exe

"C:\Program Files\WinRAR\uninstall.exe" /setup

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5900 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\ChromeRecovery.exe

"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4048_965208742\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={96c7f40d-5d66-49c6-b546-6015995515ab} --system

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4844 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2300 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6344 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3180 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6932 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6596 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=936 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6556 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6284 /prefetch:8

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Quasar.v1.4.0.zip"

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Quasar.v1.4.0.zip"

C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5504 /prefetch:8

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\0d062f209a3f47968cd63fb9cb52baab /t 4656 /p 2388

C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe

"C:\Users\Admin\Desktop\Quasar v1.4.0\Quasar.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5680 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.0\quasar.p12"

C:\Windows\explorer.exe

C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6300 /prefetch:8

C:\Users\Admin\Downloads\Client-built.exe

"C:\Users\Admin\Downloads\Client-built.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4120 /prefetch:8

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\Downloads\Client-built.exe" /rl HIGHEST /f

C:\Windows\system32\SubDir\Client.exe

"C:\Windows\system32\SubDir\Client.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Windows\system32\SubDir\Client.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=844 /prefetch:8

C:\Users\Admin\Downloads\asdada.exe

"C:\Users\Admin\Downloads\asdada.exe"

C:\Users\Admin\Downloads\asdada.exe

"C:\Users\Admin\Downloads\asdada.exe"

C:\Users\Admin\Downloads\asdada.exe

"C:\Users\Admin\Downloads\asdada.exe"

C:\Users\Admin\Downloads\not.exe

"C:\Users\Admin\Downloads\not.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\Downloads\not.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RmaiLobjb9a3.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\b1n8tQAuoKTl.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\eFcqirHtFlWY.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Cv8qaF4ABdpO.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\L0l69n849B8O.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ZQNAiWRIauOj.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\XjAtX7RNKPT0.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\lzFmEPo8hcj7.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\pVj8ubBAANTh.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\TYobGV7NVRs9.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\OtFDgHarwQwm.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\RzEzOmXxtMPJ.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\d9XQdBo7QZKy.bat" "

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Roaming\SubDir\dded.exe

"C:\Users\Admin\AppData\Roaming\SubDir\dded.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\dded.exe" /rl HIGHEST /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6728 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1596,12478894036596472911,8898432903808990469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7576 /prefetch:8

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\COMPILED.zip"

C:\Program Files\WinRAR\WinRAR.exe

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\COMPILED.zip"

C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe

"C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Downloads\AsyncClient.exe

"C:\Users\Admin\Downloads\AsyncClient.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Microsoft" /tr '"C:\Users\Admin\AppData\Roaming\Microsoft.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp8AE2.tmp.bat""

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "Microsoft" /tr '"C:\Users\Admin\AppData\Roaming\Microsoft.exe"'

C:\Users\Admin\AppData\Roaming\Microsoft.exe

"C:\Users\Admin\AppData\Roaming\Microsoft.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\jehavv.exe"' & exit

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\jehavv.exe"'

C:\Users\Admin\AppData\Local\Temp\jehavv.exe

"C:\Users\Admin\AppData\Local\Temp\jehavv.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"powershell" Get-MpPreference -verbose

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 360 -p 2820 -ip 2820

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2820 -s 4208

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 468 -p 2820 -ip 2820

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2820 -s 3528

C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe

"C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe

"C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x504 0x4f4

C:\Windows\regedit.exe

"C:\Windows\regedit.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc6f146f8,0x7ffbc6f14708,0x7ffbc6f14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2168,8332476760378924369,7374153613010827787,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc6f146f8,0x7ffbc6f14708,0x7ffbc6f14718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,6512127291166401712,477307150648471237,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 /prefetch:8

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
N/A 8.8.8.8:53 clients2.google.com udp
N/A 8.8.8.8:53 accounts.google.com udp
N/A 172.217.168.238:443 clients2.google.com tcp
N/A 142.251.36.45:443 accounts.google.com tcp
N/A 93.184.220.29:80 tcp
N/A 93.184.220.29:80 tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 8.8.8.8:53 apis.google.com udp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:53 lh5.googleusercontent.com udp
N/A 142.251.36.1:443 lh5.googleusercontent.com tcp
N/A 8.8.8.8:53 www.win-rar.com udp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:53 apps.identrust.com udp
N/A 2.19.126.218:80 apps.identrust.com tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google udp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 142.251.36.10:443 content-autofill.googleapis.com tcp
N/A 216.58.208.110:443 apis.google.com udp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com tcp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
N/A 216.58.208.99:443 ssl.gstatic.com tcp
N/A 8.8.8.8:443 dns.google tcp
N/A 93.184.221.240:80 tcp
N/A 93.184.221.240:80 tcp
N/A 93.184.221.240:80 tcp
N/A 104.80.225.205:443 tcp
N/A 142.251.36.1:443 lh5.googleusercontent.com udp
N/A 142.250.179.163:443 id.google.com tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 142.250.179.163:443 udp
N/A 142.251.36.54:443 i.ytimg.com tcp
N/A 142.251.36.34:443 googleads.g.doubleclick.net tcp
N/A 142.251.36.6:443 static.doubleclick.net tcp
N/A 142.250.179.138:443 udp
N/A 142.251.36.34:443 udp
N/A 142.251.36.6:443 udp
N/A 93.184.221.240:80 tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.163:443 update.googleapis.com tcp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 142.250.200.3:443 beacons.gcp.gvt2.com tcp
N/A 142.250.204.99:443 beacons2.gvt2.com tcp
N/A 142.250.204.99:443 tcp
N/A 142.251.36.45:443 accounts.google.com udp
N/A 142.251.36.54:443 udp
N/A 142.250.204.99:443 udp
N/A 8.8.8.8:443 dns.google tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.170:443 safebrowsing.googleapis.com tcp
N/A 142.250.179.163:443 udp
N/A 142.250.179.170:443 udp
N/A 140.82.113.4:443 github.com tcp
N/A 140.82.113.4:443 tcp
N/A 185.199.108.154:443 github.githubassets.com tcp
N/A 185.199.108.154:443 tcp
N/A 185.199.108.154:443 tcp
N/A 185.199.108.133:443 avatars.githubusercontent.com tcp
N/A 185.199.108.154:443 github.githubassets.com tcp
N/A 140.82.113.21:443 collector.github.com tcp
N/A 140.82.112.6:443 api.github.com tcp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 142.250.179.142:443 google.com tcp
N/A 142.250.200.3:443 udp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 51.195.68.163:443 www.win-rar.com tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.206:443 sb-ssl.google.com tcp
N/A 216.58.208.99:443 beacons3.gvt2.com tcp
N/A 216.58.208.99:443 udp
N/A 142.251.36.45:443 accounts.google.com udp
N/A 13.107.21.200:443 tcp
N/A 142.251.36.1:443 lh5.googleusercontent.com udp
N/A 20.189.173.2:443 tcp
N/A 142.250.179.170:443 udp
N/A 142.251.36.34:443 udp
N/A 142.251.36.6:443 udp
N/A 142.250.179.138:443 udp
N/A 142.250.179.142:443 udp
N/A 127.0.0.1:9229 tcp
N/A 142.250.200.3:443 udp
N/A 127.0.0.1:9229 tcp
N/A 172.217.168.238:443 clients2.google.com udp
N/A 8.8.8.8:53 edgedl.me.gvt1.com udp
N/A 142.250.200.3:443 udp
N/A 142.251.36.10:443 udp
N/A 8.8.8.8:443 dns.google udp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.170:443 udp
N/A 172.217.168.238:443 clients2.google.com udp
N/A 142.250.179.163:443 udp
N/A 142.250.200.3:443 udp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
N/A 8.8.8.8:443 dns.google udp
N/A 142.251.36.54:443 udp
N/A 142.251.36.14:443 encrypted-tbn0.gstatic.com udp
N/A 142.251.39.110:443 encrypted-tbn2.gstatic.com tcp
N/A 142.251.36.34:443 udp
N/A 142.251.36.6:443 udp
N/A 142.250.179.138:443 udp
N/A 142.250.179.170:443 udp
N/A 142.250.179.163:443 udp
N/A 142.250.200.3:443 udp
N/A 142.250.179.206:443 udp
N/A 142.250.179.163:443 udp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.142:443 safebrowsing.google.com tcp
N/A 8.8.8.8:53 notifier.win-rar.com udp
N/A 51.195.68.173:443 notifier.win-rar.com tcp
N/A 51.195.68.173:443 notifier.win-rar.com tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.179.163:443 udp
N/A 142.250.179.163:443 udp
N/A 142.250.179.163:443 udp
N/A 142.250.179.163:443 udp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.200.3:443 udp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:443 dns.google udp
N/A 172.217.168.227:443 beacons.gvt2.com tcp
N/A 172.217.168.227:443 udp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:443 dns.google udp
N/A 142.250.200.3:443 udp
N/A 172.217.168.238:443 clients2.google.com udp
N/A 34.131.78.121:443 e2c7.gcp.gvt2.com tcp
N/A 34.131.78.121:443 tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:53 tools.keycdn.com udp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 8.8.8.8:53 api.ipify.org udp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.4.4:443 dns.google udp
N/A 216.239.32.116:443 beacons4.gvt2.com tcp
N/A 142.250.200.3:443 udp
N/A 216.239.32.116:443 udp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:4782 tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 185.199.108.154:443 tcp
N/A 8.8.4.4:443 dns.google udp
N/A 142.250.200.3:443 udp
N/A 140.82.114.3:443 github.com tcp
N/A 140.82.114.21:443 collector.github.com tcp
N/A 140.82.112.5:443 api.github.com tcp
N/A 8.8.4.4:443 dns.google udp
N/A 216.58.208.106:443 udp
N/A 8.8.4.4:443 dns.google udp
N/A 142.250.179.206:443 udp
N/A 142.250.179.142:443 udp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:1973 tcp
N/A 127.0.0.1:1973 tcp
N/A 127.0.0.1:1973 tcp
N/A 8.8.4.4:443 dns.google udp
N/A 140.82.113.5:443 api.github.com tcp
N/A 8.8.4.4:443 dns.google udp
N/A 140.82.113.4:443 github.com tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:1973 tcp
N/A 127.0.0.1:8808 tcp
N/A 13.107.21.200:443 www.bing.com tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 131.253.33.200:443 www.bing.com tcp
N/A 8.8.8.8:53 edge.microsoft.com udp
N/A 131.253.33.239:443 edge.microsoft.com tcp
N/A 8.8.8.8:53 apis.google.com udp
N/A 8.8.8.8:53 ogs.google.com udp
N/A 216.58.208.110:443 apis.google.com tcp
N/A 8.8.8.8:53 nav.smartscreen.microsoft.com udp
N/A 142.250.179.206:443 ogs.google.com tcp
N/A 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
N/A 8.8.8.8:53 ssl.gstatic.com udp
N/A 216.58.208.99:443 ssl.gstatic.com tcp
N/A 8.8.8.8:53 smartscreen-prod.microsoft.com udp
N/A 20.73.130.64:443 smartscreen-prod.microsoft.com tcp
N/A 20.73.130.64:443 smartscreen-prod.microsoft.com tcp
N/A 20.73.130.64:443 smartscreen-prod.microsoft.com tcp
N/A 8.8.8.8:53 play.google.com udp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com tcp
N/A 142.251.36.14:443 play.google.com udp
N/A 8.8.8.8:53 dns.google udp
N/A 8.8.4.4:443 dns.google tcp
N/A 8.8.4.4:443 dns.google tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:8808 tcp
N/A 8.8.8.8:53 ntp.msn.com udp
N/A 131.253.33.200:443 www.bing.com tcp
N/A 8.8.8.8:53 nav.smartscreen.microsoft.com udp
N/A 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
N/A 8.8.8.8:53 assets.msn.com udp
N/A 95.101.74.139:443 assets.msn.com tcp
N/A 95.101.74.139:443 assets.msn.com tcp
N/A 95.101.74.139:443 assets.msn.com tcp
N/A 95.101.74.139:443 assets.msn.com tcp
N/A 95.101.74.139:443 assets.msn.com tcp
N/A 8.8.8.8:53 c.bing.com udp
N/A 8.8.8.8:53 c.msn.com udp
N/A 204.79.197.200:443 c.bing.com tcp
N/A 8.8.8.8:53 img-s-msn-com.akamaized.net udp
N/A 20.234.93.27:443 c.msn.com tcp
N/A 8.8.8.8:53 sb.scorecardresearch.com udp
N/A 104.109.143.75:443 img-s-msn-com.akamaized.net tcp
N/A 18.65.39.29:443 sb.scorecardresearch.com tcp
N/A 8.8.8.8:53 browser.events.data.msn.com udp
N/A 20.189.173.2:443 browser.events.data.msn.com tcp
N/A 20.189.173.2:443 browser.events.data.msn.com tcp
N/A 131.253.33.239:443 edge.microsoft.com tcp
N/A 8.8.8.8:53 privacyportal.onetrust.com udp
N/A 104.18.26.85:443 privacyportal.onetrust.com tcp
N/A 127.0.0.1:8808 tcp
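
The loopback rows in this table are its most security-relevant part: 127.0.0.1:4782 is the default listener port of Quasar, and 6606, 7707 and 8808 are the default ports of AsyncRAT, which fits the AsyncRAT.exe launched from the Desktop in the process list, while api.ipify.org and tools.keycdn.com are public "what is my IP" services, i.e. external IP discovery rather than C2. The Python script below is an added example and is not part of this report or of the sandbox's own tooling. It parses rows in this table's format and tags each row; it generalises beyond the loopback case by flagging a RAT default port on any destination. The port-to-family map, the IP-lookup domain list and the SHARED threshold are assumptions of the example, and SAMPLE is a constructed excerpt of rows copied from the table above. Ports such as 1973 and 9229 are deliberately only reported as "loopback-other", because nothing on this page identifies them.

```python
"""Tag rows of a sandbox 'Network' table (added example, not the report's
own tooling). Assumed row format: <country> <ip>:<port> [<domain>] <proto>.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Default listener ports of the RAT builders named in the report
# (assumption of this example: extend with your own threat intel).
RAT_DEFAULT_PORTS = {
    4782: "Quasar",
    6606: "AsyncRAT",
    7707: "AsyncRAT",
    8808: "AsyncRAT",
}

# Public "what is my IP" services seen in the table: a DNS query or a TLS
# session to one of these is external IP discovery, not C2 traffic.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "tools.keycdn.com"}

ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?:(?P<domain>[A-Za-z0-9.-]+)\s+)?(?P<proto>tcp|udp)$"
)


@dataclass(frozen=True)
class Conn:
    ip: str
    port: int
    domain: str | None
    proto: str


def parse_rows(text: str) -> list[Conn]:
    """Parse table rows; header, blank and malformed lines are skipped."""
    conns: list[Conn] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            conns.append(Conn(m["ip"], int(m["port"]), m["domain"], m["proto"]))
    return conns


def classify(c: Conn) -> str:
    """Return a triage label for one connection row."""
    loopback = c.ip.startswith("127.")
    if c.port in RAT_DEFAULT_PORTS:
        return f"rat-port:{RAT_DEFAULT_PORTS[c.port]}"
    if c.domain in IP_LOOKUP_DOMAINS:
        return "external-ip-lookup"
    if loopback:
        return "loopback-other"      # unknown local listener: inspect manually
    return "background"              # browser / OS traffic, low priority


def summarize(text: str) -> Counter:
    """Count rows per triage label."""
    return Counter(classify(c) for c in parse_rows(text))


def rat_endpoints(text: str) -> list[tuple[str, int, str]]:
    """Distinct (ip, port, family) endpoints that hit a RAT default port."""
    found = {
        (c.ip, c.port, RAT_DEFAULT_PORTS[c.port])
        for c in parse_rows(text)
        if c.port in RAT_DEFAULT_PORTS
    }
    return sorted(found)


# Constructed excerpt: rows copied from the Network table above.
SAMPLE = """\
Country Destination Domain Proto
N/A 8.8.8.8:53 clients2.google.com udp
N/A 172.217.168.238:443 clients2.google.com tcp
N/A 93.184.220.29:80 tcp
N/A 127.0.0.1:9229 tcp
N/A 127.0.0.1:4782 tcp
N/A 127.0.0.1:4782 tcp
N/A 8.8.8.8:53 api.ipify.org udp
N/A 64.185.227.156:443 api.ipify.org tcp
N/A 185.172.148.96:443 tools.keycdn.com tcp
N/A 127.0.0.1:6606 tcp
N/A 127.0.0.1:8808 tcp
N/A 127.0.0.1:7707 tcp
N/A 127.0.0.1:1973 tcp
"""

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {label}")
    for ip, port, family in rat_endpoints(SAMPLE):
        print(f"RAT default port hit: {ip}:{port} ({family})")
```

Run it against the full table by pasting the rows into SAMPLE or reading them from a file; the counts make the ratio of RAT traffic to browser background noise obvious at a glance, and the loopback-only destinations are the cue that the sample was talking to a listener on the analysis machine itself rather than to a remote host.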

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

\??\pipe\crashpad_4056_UPAPTZAJOSRXBNYG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\crashpad_4204_EYJANMAXJCALDOEL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

\??\pipe\crashpad_1324_OTGOCAPIOLLKOAEB

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 f9117eef265e523cfb5089ab5388e102
SHA1 13da751278466c6af5b00499ddc8f4cc129a6056
SHA256 97625a9a59a2481937e156777eb38537f212ad290e3c9d974f5c558ddd490268
SHA512 14fb42f95120fefe78ad63945521cbef00ddbeec7619b08855b580eef59769d051ccdd05a7409347bdbb0c85c1f934f4dc91928f9122ad12bd66dbb97934f6fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a99ab00491c80840cf9ef0bed5fa69dd
SHA1 57e0102f1d1dc8b6b0c517efef1e3306c72d7ccf
SHA256 05e8091ca9efb7c1516809e3c83b50a37a36f490ecabaf55d8fe0672fd852769
SHA512 d50a998365f4c57c602939614cbfe4c0ec0d58c19be72c89ad7929a7bb26b51daa1bdbf97456680975e81e7a200e775b1baf03db57bc16fee81a5fda843f8611

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 49880feb55eab190378fac297f08ba70
SHA1 c1f7ac4bbd9c5f887609bc876b5296155c2630f7
SHA256 8642a9aa62027763803a6efc46bd3b2f0d37df279a34aebef00875a8d4f1a0b2
SHA512 2ca94989f48e6f3bb58e5e4d031b0a079ef0a99935af9fc7d2b0042b1827704419eaaa6df1af48f878ebe4d803fea103fcd09376a2cb4948b352956ec5e69bc0

memory/3696-143-0x0000000000000000-mapping.dmp

memory/1680-145-0x0000000000000000-mapping.dmp

memory/1860-146-0x0000000000000000-mapping.dmp

memory/3096-147-0x0000000000000000-mapping.dmp

memory/4388-148-0x0000000000000000-mapping.dmp

memory/2388-151-0x000001C86AB40000-0x000001C86AC78000-memory.dmp

memory/2388-152-0x000001C86CF80000-0x000001C86CF96000-memory.dmp

memory/2388-153-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2388-154-0x000001C870DD0000-0x000001C871092000-memory.dmp

memory/2388-155-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2388-156-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4944-157-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4944-158-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/3652-159-0x0000000000000000-mapping.dmp

memory/4944-160-0x0000020925720000-0x0000020925738000-memory.dmp

memory/4944-161-0x0000020925790000-0x00000209257E0000-memory.dmp

memory/4944-162-0x00000209258A0000-0x0000020925952000-memory.dmp

memory/4944-163-0x00000209257E0000-0x000002092582C000-memory.dmp

memory/4944-164-0x0000020928AD0000-0x0000020928B2A000-memory.dmp

memory/4944-165-0x0000020926D00000-0x0000020926D1A000-memory.dmp

memory/3568-166-0x0000000000C40000-0x0000000000CC4000-memory.dmp

memory/3568-167-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2144-168-0x0000000000000000-mapping.dmp

memory/4064-169-0x0000000000000000-mapping.dmp

memory/3568-170-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4064-171-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/1288-172-0x0000000000000000-mapping.dmp

memory/4064-173-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4944-174-0x00000209241E9000-0x00000209241EF000-memory.dmp

memory/5072-175-0x0000000000700000-0x0000000000784000-memory.dmp

memory/5072-176-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/5072-177-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2616-178-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2616-179-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4116-180-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4116-181-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4300-182-0x00000000006C0000-0x0000000000744000-memory.dmp

memory/4300-183-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4636-184-0x0000000000000000-mapping.dmp

memory/4108-185-0x0000000000000000-mapping.dmp

memory/4300-186-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4108-187-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4912-188-0x0000000000000000-mapping.dmp

memory/3348-189-0x0000000000000000-mapping.dmp

memory/4108-191-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2136-190-0x0000000000000000-mapping.dmp

memory/3648-192-0x0000000000000000-mapping.dmp

memory/1560-193-0x0000000000000000-mapping.dmp

memory/1560-194-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4916-195-0x0000000000000000-mapping.dmp

memory/2284-196-0x0000000000000000-mapping.dmp

memory/1560-197-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2520-198-0x0000000000000000-mapping.dmp

memory/408-199-0x0000000000000000-mapping.dmp

memory/3592-200-0x0000000000000000-mapping.dmp

memory/3592-201-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/3556-202-0x0000000000000000-mapping.dmp

memory/4276-203-0x0000000000000000-mapping.dmp

memory/3592-205-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2232-204-0x0000000000000000-mapping.dmp

memory/3772-206-0x0000000000000000-mapping.dmp

memory/1520-207-0x0000000000000000-mapping.dmp

memory/4944-208-0x0000020925980000-0x0000020925992000-memory.dmp

memory/1520-209-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/64-210-0x0000000000000000-mapping.dmp

memory/5092-211-0x0000000000000000-mapping.dmp

memory/1520-212-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4532-213-0x0000000000000000-mapping.dmp

memory/4344-214-0x0000000000000000-mapping.dmp

memory/3980-215-0x0000000000000000-mapping.dmp

memory/3980-216-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/3612-217-0x0000000000000000-mapping.dmp

memory/4152-218-0x0000000000000000-mapping.dmp

memory/1532-219-0x0000000000000000-mapping.dmp

memory/3980-221-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2240-220-0x0000000000000000-mapping.dmp

memory/4164-222-0x0000000000000000-mapping.dmp

memory/4164-223-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/3776-224-0x0000000000000000-mapping.dmp

memory/2664-225-0x0000000000000000-mapping.dmp

memory/4164-226-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/408-227-0x0000000000000000-mapping.dmp

memory/528-228-0x0000000000000000-mapping.dmp

memory/2824-229-0x0000000000000000-mapping.dmp

memory/2824-230-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2988-231-0x0000000000000000-mapping.dmp

memory/3652-232-0x0000000000000000-mapping.dmp

memory/2824-233-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2704-234-0x0000000000000000-mapping.dmp

memory/4664-235-0x0000000000000000-mapping.dmp

memory/920-236-0x0000000000000000-mapping.dmp

memory/920-237-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/1220-238-0x0000000000000000-mapping.dmp

memory/456-239-0x0000000000000000-mapping.dmp

memory/920-240-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/3916-241-0x0000000000000000-mapping.dmp

memory/1336-242-0x0000000000000000-mapping.dmp

memory/3996-243-0x0000000000000000-mapping.dmp

memory/3996-244-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4332-245-0x0000000000000000-mapping.dmp

memory/3424-246-0x0000000000000000-mapping.dmp

memory/3996-247-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/644-248-0x0000000000000000-mapping.dmp

memory/2324-249-0x0000000000000000-mapping.dmp

memory/3776-250-0x0000000000000000-mapping.dmp

memory/3776-251-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/676-252-0x0000000000000000-mapping.dmp

memory/4888-253-0x0000000000000000-mapping.dmp

memory/3776-254-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4256-255-0x0000000000000000-mapping.dmp

memory/4068-256-0x0000000000000000-mapping.dmp

memory/1308-257-0x0000000000000000-mapping.dmp

memory/1308-258-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4124-259-0x0000000000000000-mapping.dmp

memory/2404-260-0x0000000000000000-mapping.dmp

memory/1308-261-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/2540-262-0x0000000000000000-mapping.dmp

memory/1956-263-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/1956-264-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4796-265-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4796-266-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4392-267-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4392-268-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4064-269-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4944-270-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp

memory/4944-271-0x00000209241E9000-0x00000209241EF000-memory.dmp

memory/2820-272-0x000001FA60070000-0x000001FA606D6000-memory.dmp

memory/2820-273-0x00007FFBD8170000-0x00007FFBD8C31000-memory.dmp
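
The WerFault.exe command lines in the process list carry -p 2820, and WerFault's -p argument is the PID of the faulting process; the Files list ends with two memory regions dumped from that same PID 2820. The Python script below is an added example, not the sandbox's own tooling, that ties the two lists together: it extracts crashed PIDs from WerFault command lines, parses the memory/<pid>-<seq>-<start>-<end>-memory.dmp names, sizes each region, and marks address ranges that were dumped identically from several processes. Treating such a range as a shared image mapping to be looked at last is a heuristic and an assumption of this example, as is the SHARED_MIN_PIDS threshold. PROCESS_LINES and MEMORY_LINES are constructed excerpts copied from the process and file lists above.

```python
"""Correlate WerFault crash reports with the memory dumps of a sandbox
report (added example, not the sandbox's own tooling).

Assumed formats:
  process lines:  ... WerFault.exe ... -p <pid> ...
  memory entries: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
                  memory/<pid>-<seq>-0x<addr>-mapping.dmp
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# WerFault's -p argument names the faulting process.
WERFAULT_RE = re.compile(r"WerFault\.exe\b.*?\s-p\s+(\d+)", re.IGNORECASE)

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"(?:-0x(?P<end>[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp"
)

# Heuristic (assumption of this example): a range dumped at the same
# address from this many distinct PIDs is treated as a shared mapping
# and deprioritised in favour of per-process regions.
SHARED_MIN_PIDS = 3


@dataclass(frozen=True)
class Dump:
    pid: int
    seq: int
    start: int
    end: int | None      # None for "mapping" entries, which carry one address
    kind: str

    @property
    def size(self) -> int:
        return 0 if self.end is None else self.end - self.start


def crashed_pids(process_text: str) -> set[int]:
    """PIDs named by -p in WerFault.exe command lines."""
    return {int(m.group(1)) for m in WERFAULT_RE.finditer(process_text)}


def parse_dumps(memory_text: str) -> list[Dump]:
    """Parse memory dump file names into Dump records."""
    dumps: list[Dump] = []
    for m in DUMP_RE.finditer(memory_text):
        end = int(m["end"], 16) if m["end"] else None
        dumps.append(Dump(int(m["pid"]), int(m["seq"]), int(m["start"], 16), end, m["kind"]))
    return dumps


def shared_ranges(dumps: list[Dump], min_pids: int = SHARED_MIN_PIDS) -> set[tuple[int, int]]:
    """(start, end) ranges dumped from at least min_pids different processes."""
    pids_by_range: dict[tuple[int, int], set[int]] = defaultdict(set)
    for d in dumps:
        if d.kind == "memory" and d.end is not None:
            pids_by_range[(d.start, d.end)].add(d.pid)
    return {r for r, pids in pids_by_range.items() if len(pids) >= min_pids}


def regions_for_crashed(process_text: str, memory_text: str) -> dict[int, list[dict]]:
    """For each crashed PID, its dumped regions with size and a shared flag."""
    dumps = parse_dumps(memory_text)
    shared = shared_ranges(dumps)
    out: dict[int, list[dict]] = {}
    for pid in sorted(crashed_pids(process_text)):
        out[pid] = [
            {
                "seq": d.seq,
                "range": f"0x{d.start:016X}-0x{d.end:016X}",
                "size": d.size,
                "shared": (d.start, d.end) in shared,
            }
            for d in sorted(dumps, key=lambda x: x.seq)
            if d.pid == pid and d.kind == "memory" and d.end is not None
        ]
    return out


# Constructed excerpts copied from the process and file lists above.
PROCESS_LINES = r"""
C:\Windows\system32\WerFault.exe -pss -s 360 -p 2820 -ip 2820
C:\Windows\system32\WerFault.exe -u -p 2820 -s 4208
"C:\Users\Admin\Desktop\AsyncRAT v0.5.7B\AsyncRAT.exe"
"""

MEMORY_LINES = """
memory/3696-143-0x0000000000000000-mapping.dmp
memory/2388-151-0x000001C86AB40000-0x000001C86AC78000-memory.dmp
memory/2388-153-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp
memory/4944-157-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp
memory/3568-167-0x00007FFBD8190000-0x00007FFBD8C51000-memory.dmp
memory/2820-272-0x000001FA60070000-0x000001FA606D6000-memory.dmp
memory/2820-273-0x00007FFBD8170000-0x00007FFBD8C31000-memory.dmp
"""

if __name__ == "__main__":
    for pid, regions in regions_for_crashed(PROCESS_LINES, MEMORY_LINES).items():
        print(f"crashed PID {pid}:")
        for r in regions:
            tag = "shared" if r["shared"] else "per-process"
            print(f"  {r['range']}  {r['size']:>10,d} bytes  {tag}")
```

On the excerpt, PID 2820's two regions come out as per-process (their addresses are not the 0x00007FFBD8190000-0x00007FFBD8C51000 range that recurs across the other PIDs), so they are the dumps to open first when looking into the crash; with the full lists pasted in, the same run also shows which other PIDs share that recurring range.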