quasar | 794ab1c8fbed6cd49b790e9bf818cf05f5d84ea1cf2e3bb4d10066212d320673

Analysis

max time kernel
1799s
max time network
1798s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
18-05-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dub.exe
Size

3.1MB
MD5

a1feb599f38dc8b1b1a5ac8f1f5ef64b
SHA1

664504a4f079c6486f8251e64df4e8825fd890fa
SHA256

794ab1c8fbed6cd49b790e9bf818cf05f5d84ea1cf2e3bb4d10066212d320673
SHA512

1f846a5d0b1b3be8d1b7c77abe6cd59907980d37f73ff076dcd2f4271b2a7233a9bab29a7651503b120fb505f81adecd067558d60fea49091221f081f083a42e
SSDEEP

49152:qvTt62XlaSFNWPjljiFa2RoUYIK7xNESE+k/ivLoGdBTHHB72eh2NT:qvB62XlaSFNWPjljiFXRoUYIqxVz

Score

10^/10

quasar consis spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

consis

192.168.0.75:4782

Mutex

52e32865-8201-40c9-906f-bc3ad9f73302

Attributes

encryption_key
3F4E1662FE86BE65EF2C4E1F0FEFAABC94765DDB
install_name
windows1.exe
log_directory
Logs
reconnect_delay
1500
startup_key
conhost
subdirectory
Windows123

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4072-1-0x0000000000030000-0x0000000000354000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe	family_quasar

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

windows1.exedub.exedub.exe

pid process

1464 windows1.exe
4740 dub.exe
2540 dub.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

128 mediafire.com
126 mediafire.com
127 mediafire.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exeschtasks.exe

pid process

624 schtasks.exe
1444 schtasks.exe

flow	ioc
128	mediafire.com
126	mediafire.com
127	mediafire.com

pid	process
624	schtasks.exe
1444	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133605296079686114"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3972 chrome.exe
3972 chrome.exe
3972 chrome.exe
3972 chrome.exe
468 chrome.exe
468 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

windows1.exe

pid process

1464 windows1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

chrome.exe

pid	process
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

dub.exewindows1.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4072	dub.exe
Token: SeDebugPrivilege	1464	windows1.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe
Token: SeShutdownPrivilege	3972	chrome.exe
Token: SeCreatePagefilePrivilege	3972	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

windows1.exechrome.exe

pid	process
1464	windows1.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

windows1.exechrome.exe

pid	process
1464	windows1.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe
3972	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

windows1.exe

pid process

1464 windows1.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

dub.exewindows1.exechrome.exe

description	pid	process	target process
PID 4072 wrote to memory of 624	4072	dub.exe	schtasks.exe
PID 4072 wrote to memory of 624	4072	dub.exe	schtasks.exe
PID 4072 wrote to memory of 1464	4072	dub.exe	windows1.exe
PID 4072 wrote to memory of 1464	4072	dub.exe	windows1.exe
PID 1464 wrote to memory of 1444	1464	windows1.exe	schtasks.exe
PID 1464 wrote to memory of 1444	1464	windows1.exe	schtasks.exe
PID 3972 wrote to memory of 4544	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4544	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 3116	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 5076	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 5076	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe
PID 3972 wrote to memory of 4516	3972	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\dub.exe
"C:\Users\Admin\AppData\Local\Temp\dub.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4072

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "conhost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe" /rl HIGHEST /f
2⤵
- Creates scheduled task(s)
PID:624

C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe
"C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464

C:\Windows\SYSTEM32\schtasks.exe
"schtasks" /create /tn "conhost" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe" /rl HIGHEST /f
3⤵
- Creates scheduled task(s)
PID:1444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe70b1ab58,0x7ffe70b1ab68,0x7ffe70b1ab78
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:2
2⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:1036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4360 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1740 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3812 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:2116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:4140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5080 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4560 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4684 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4568 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1628 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1684 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4608 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5056 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4124 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5076 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:4480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3828 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4696 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5220 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2744 --field-trial-handle=1912,i,4171169803112683406,3236204397764105947,131072 /prefetch:8
2⤵
PID:3572

C:\Users\Admin\Downloads\dub.exe
"C:\Users\Admin\Downloads\dub.exe"
2⤵
- Executes dropped EXE
PID:4740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4088

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4744

C:\Users\Admin\Downloads\dub.exe
"C:\Users\Admin\Downloads\dub.exe"
1⤵
- Executes dropped EXE
PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5c331088097efa7b106e3ad09dba4caf

SHA1
7eb95123e644c746e9f8b9ac7c99fa6dd6efa35a

SHA256
9f74954db88a82c8a76c3661d446ec0177cfee3f4d4a9bc3a7e1610033bc3a4d

SHA512
40934f4969954f7cfdcaf5af211e21fc291df02b1a6284383d434f53692bcc3e6daf90eebc0231eb9954187ed751a29deef95b95c268d276ffc4cca30f89f516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
de30d6fca60bbc64a2eebf8c4255ea15

SHA1
ea73356aab99c5d2d3e0f57960ac4f699509ed2d

SHA256
cb11896cf74f1eb822d09c0e31cfc4b397555e3ed77029d12753d63d9878d641

SHA512
da3f3422c205978bb39bde4df6fad05ba8ab3d978b54022d8d537d633d853c3847077ad3ec4a9231e1b3b4f244961e67e87f2376dfea825933eb9521b68a782f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9d1bb32b15d23c63f92739334c32f62

SHA1
cd5f29dbc590fcd7d20c016abffc481fddd9ff63

SHA256
7c74ef626db8eacb228f683a8674621e4edc9a7b476210e0973df8119f0486b1

SHA512
950b0733d05c1a3d9f6771da2612d048d1266b4e45200d7d2b36088864a11dbf73ac237fd1bced6da5f5ed200d5efd989097ad7a00520cba5c91bf16504d5515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
904e7aef32be2b3b3fd07783279bce25

SHA1
c800c8b21477951a78fb09f8bc951461d18c7cbf

SHA256
056ab4b4df4571b5e5e915af6a9df3ff61005680df1b0d00c047722525e36412

SHA512
522784ead719aeae7cbc9d9552984ef5d4bd8a24c188b48fbdafac99fa29af35b823f092f0c0e580f11252942771064cebde222617f4df65ece2fd89c058fde9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a22f5869f8067f3c6a044cbb8f164f11

SHA1
321ff82318a2d80339f57f2f5dd82c604ee03d81

SHA256
1fa83276e6617fab69d34442ec67d733059ba667399a0df00850ff86f2176521

SHA512
feec1ce7a9b81ec94ae247580dba3b319dc9724b0c9b3e99133ca6862a2e39c006eb5b25e0c1aeb8846fc1d58925dd02c5d6d3c92d44c1650690b7078a4f1eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c1bd6ba3ab78475d9b88f517ae54f935

SHA1
07012f1ca1d8a79986774e32e862d3d04cdc2ae7

SHA256
0f58c84be68355a0abf23f590d9d2556905530095564693b95654c54e2681c01

SHA512
649f2f9657f81a9b5dec573ef14c3a9f8149266360b779b263ce02d1d03fb5ef59825886b27442b35b4a9cd79223329ba6dcebbe577607a714f1edc9cb648df9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8b411013ade19672beaf7d4ea80cfe86

SHA1
097e70916659efb221fe9ad8d66dcbf9dca3281a

SHA256
d931a0cba9496bcb6076881a0149c51b0b1a3ca6cd3a0dc9209323d90bd73687

SHA512
df3164292521e2de1f2a4d638684cfea82c7117d06be7c4d7df1126d75151607480c43037698627993e5927ab0cce1ca002a3f26eb78a5848a07744f4deb5814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
978c3f0dce58e02b8f39d1f1d7e2cf17

SHA1
5ba089c8d67aa9d29751e10e1eba3fdf1d6cd23f

SHA256
73708bee7d669b1fcb71e14e6785e160c61495a8c8471508ac60ab73f04d7282

SHA512
e8f68c682bf165930b189fe31d90be70873379435a74ae788377c51d5f3badf3f0c1bb4620c198684c9e826542522a354de2afdd47e6aa7e7fb0ef23895b56e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce9003bd8f613b88486f5db39c6c8959

SHA1
e42339042c1ae0b7c252d41102355198aac8bbf5

SHA256
27225baf76695733259dc16f56d1ff3fe28b521dd07d1c5e405525b8369f05ae

SHA512
cfc8024ed802fd920ddea3ba689376ebf12b9a6720c44447f703e6b61b7eb41fc0a0f439a44fc869f88b7b17a99fba3c6c8515b516aace0981c9143d10d61d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
d8bff2051fa7e8906a808667daf5a7c9

SHA1
e7a0dec58fb866c5b93e8ab9e79ad9320fd07ca8

SHA256
7f9f7f58dff861b6c73a6b797401e1e8482e18cc5b76fbe72f05ec98beec0c94

SHA512
199d44fcb68d3ffe524eaa0296a3bc0dd0afc5861277fbbe7845a0c5bc4cf83bd5ed58e2504481c3730b03457d1c27f7c1f9616b2a5c9b03f8af770b2c2a8066

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68a29e85efe4cede98c3e2cc98426320

SHA1
50a62be4801db8e262a173ecd8d5118c67b4ba82

SHA256
d6846a14a4312b47fbd0a71b218f6239698cb22eddb41ca7add110c919cf1b85

SHA512
723939ac66d133753acc8cc694f398f4169ba745a88d77dd51b9a4a761c95eddaaef8b2b4a77377a7f9f9cf25235b7e08301980057ab1688dd99767b36cd315a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7ccf01b49fc28e87755130cdca38e15c

SHA1
c007c512e0fa0dc94e7f9d27aeb13055bb50e615

SHA256
9c52584a699c952c96dc018d14b1b004b39a440d050989f43dbab383c1ff6034

SHA512
6ffc6a1f8f4f2d1d60bddb44b1a0f4972301862d389979863b64f947f3bafdf75b2a5993ff25c24717c4ee07578f64ead7d072be6197d3a0a522d1bdfc16a58a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92aae95a3ea7b88e96aa7b284c4340ff

SHA1
01aa0fc18473631a006c37a81f3b6709e3b3e252

SHA256
159f014b0cddac08ac4e1ad7819d4aa1c087f6d526e958d3ef788d8720e4d2c9

SHA512
6be710e6a4263b655016d11ca3d7c819056ee79d69aac31d6593c0b0dd2f1a8ee25b5e8c49c1b7efdf4779cc34e09a66f5e61fedf3c66217f30d6b9eb70eb3c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
469e7d516152c492fec78a7d30639ac0

SHA1
759a7fee5adefa983deee54247b6975e946270d8

SHA256
f343a0837aa9f5f4ffd02828cd2189a59b9989c42ee174f6fe1c285726d7adf4

SHA512
1bbe57481a522c55c9f7118751cb4010be8c543ca9b8dd9c4e446834caaaca8a2f9f84c0b03d87cdb9ac265c6e7a1b6831469aa7b84b09e036ced6eb7a3facec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
a129c45390cec3549d2eaa73ad50a793

SHA1
9d4395b62f1ffb8c65f9674fb2369e84d181603b

SHA256
8f3c830bcd82eeb9f70a111ce530058a4177ac11f38d6bee71ea7891af71d1f4

SHA512
c6f2cab17683de8d3ce62cfb26aa5936ba59704358ae6def93ddee6fb0c0d3024bb552245502b296ea82dbd155ae5cd64f85192a8d727303324626a342adb601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
652f79868898e6f9a2a13db56deacc96

SHA1
cb126ba72b0a3885bc280bc4e668c3a345cc527a

SHA256
fef8c414892d7261a1f1be78c1a25840336e1366f53ef015588a9985d69e5383

SHA512
244b09d4801f340987800e605b2efac0bc2b9d48c804f5411928f635e9eac076d50efe4304005aa958bf7389c3750f80650eacb385af10b89b432b9dd270dd00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c509c6aacac00e72d7954e0780db29af

SHA1
d5d31e4f18b0c1d50ced442fe50ddd517d517ec9

SHA256
b145deda0c4a9d1bbe2ef990ff773a4fd324eb2d49e251d04b4daaceaae0bead

SHA512
ce9341f092eab2006ddb867f38a69c29bdf140c85871172e623ad87e5e4d1645484dc45a88ced1e9b307c9c7b8f7d28e79be67a0344412c300533d13ab048155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
c8dfb2b711711a555fab6188bee726d0

SHA1
ec2747f38c36c44680a2688eb798e20bbacf2ec9

SHA256
37c1916d7792fd7a82720a71fad60adcca105882acb1cb6aa31b778e6aebdd13

SHA512
f5ee1bfd63d982da256fde54beaee203c711c0fd419eb404fe99b9da697809c5932e5caa1dcff039d0bcfbbf8a21cb27362d7804f4046593999932a7e9ecf37e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
0d93e1265f58bea3019699527832e392

SHA1
3280c0629cd390b2fd7dbfe0575927e4a44b09e3

SHA256
f35e94051c5a07ae03218cac20ad6b31a888412b62d388c88f73b85a6db28d0e

SHA512
6eacf286d2ad4a0e84f05c66661c06eef8beff2aaaeeabb5c956737e30e90b94ce180fc48409773ba6356f488f2bebd72f6faffaccc7f93e129d987423688e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
d63dd99c16ff1852832ac60ec7dd4f85

SHA1
057856481fb46289c35ca356cfb4a2b46686912a

SHA256
fa9068753e3b1927202ce4151f000c2c267ea977fcdb5dc0d5270d4ef5cdf4da

SHA512
2b71b88633fabc9ae28ae0a881748d75160d427a31f5d870cb92a65288e1254e6018305e3d23437809842b80fd0e1b35475701f3c6c5723eb27d861d99768e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
e0eee024f748766321c94a482137b1e9

SHA1
5e49043e37e9b983f53094f52876ab63f3bfda0c

SHA256
91b5baae8835fe8bd858e9e35fd3c270c71ac84470b4a63051168a88489a597c

SHA512
f948e7f8047bc977553d58d77ef266a7366db41be7d8a8f2f15938d90dc0e56dea1ef50482f3d98ee232fa220e3761b744b225c6fe84b591b381a33aacb39edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581c1e.TMP

Filesize
88KB

MD5
46c78c7aa91aa7c0d316d9a1072812e5

SHA1
0b69fc4ccc4d3f2bfa031f3da396a176189dcfca

SHA256
3103a8d96d9dc0b9758a8f2b0b9341f581776d7573070b1cc654b181850c5047

SHA512
ba558642c0c378595d564f98f113134ae64acbe34e9d9f8318974d91d6e4a0c67ae6104b41b5eaf7c8a6fbc34e1153809a3867646b041a0a5c0b904fc1b9f1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\dub.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Roaming\Windows123\windows1.exe

Filesize
3.1MB

MD5
a1feb599f38dc8b1b1a5ac8f1f5ef64b

SHA1
664504a4f079c6486f8251e64df4e8825fd890fa

SHA256
794ab1c8fbed6cd49b790e9bf818cf05f5d84ea1cf2e3bb4d10066212d320673

SHA512
1f846a5d0b1b3be8d1b7c77abe6cd59907980d37f73ff076dcd2f4271b2a7233a9bab29a7651503b120fb505f81adecd067558d60fea49091221f081f083a42e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 137067.crdownload

Filesize
8KB

MD5
f492fb573b8b8a91eaf109dd9d90183c

SHA1
6fa674f97fe844e6b3ba6d723c0b3d3621736b0d

SHA256
dcfbe0c78c83b4a9cc09a4b4d29cf5ca860a411f1d87f35e46ba81c1e8e85934

SHA512
7738567dad102806d84dc5ad347e38ebd2517a29649932a66b8cac3c628a54276de10747352c7c5c6a0f00ee95f96e9035f6416afa19c0bec365363447efcd21

Download Submit
\??\pipe\crashpad_3972_DAPFXSIXHPGXWBYF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1464-12-0x000000001C380000-0x000000001C3D0000-memory.dmp

Filesize
320KB

Download
memory/1464-121-0x000000001CDC0000-0x000000001D2E8000-memory.dmp

Filesize
5.2MB

Download
memory/1464-11-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/1464-13-0x000000001C490000-0x000000001C542000-memory.dmp

Filesize
712KB

Download
memory/1464-10-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/1464-56-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/1464-78-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/4072-0-0x00007FFE770A3000-0x00007FFE770A5000-memory.dmp

Filesize
8KB

Download
memory/4072-9-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/4072-2-0x00007FFE770A0000-0x00007FFE77B61000-memory.dmp

Filesize
10.8MB

Download
memory/4072-1-0x0000000000030000-0x0000000000354000-memory.dmp

Filesize
3.1MB

Download