bazarloader | 3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615

Analysis

max time kernel
98s
max time network
155s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27-08-2023 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qbittorrent_4.5.4_x64_setup.exe
Size

31.3MB
MD5

6e35e4512488a44ebf34bff82dc4724f
SHA1

38903134b1a0a774cdcf728d3484493e7d83592a
SHA256

3ba266ddbe5624aeedec1a23c6bf86d6cfd5b547e8c1a31169f6a08434c9e615
SHA512

a6faa23d08c34da39111b9da1d9be62eb9486d010b6217b0aaacaa0cc240bca4e305bdbdaf1f4175f4a4ddb12530ddecc3c488d1620e2ead20b9e90f3cbe6a1e
SSDEEP

786432:rVrG7dnL27saKvlVIbS7ykgixD9ZLstXfL:rVrsdn0sa8IbShgiVXLstXT

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 8 IoCs

Processes:

resource	yara_rule
\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
C:\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5
\Program Files\qBittorrent\qbittorrent.exe	BazarLoaderVar5

Executes dropped EXE 1 IoCs

Processes:

qbittorrent.exe

pid process

436 qbittorrent.exe

Loads dropped DLL 12 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exe

pid	process
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
2072	qbittorrent_4.5.4_x64_setup.exe
1228
1228
1228

Drops file in Program Files directory 37 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exe

description	ioc	process
File created	C:\Program Files\qBittorrent\translations\qtbase_ar.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ca.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fi.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_lv.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qt.conf	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_pt_PT.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fa.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.exe	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_da.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ko.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nn.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_sk.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_de.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_he.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ru.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_tr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\uninst.exe	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.pdb	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_gd.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_es.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fr.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_it.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_bg.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_cs.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sv.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ja.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_uk.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_gl.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_lt.qm	qbittorrent_4.5.4_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hu.qm	qbittorrent_4.5.4_x64_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 44 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\.torrent	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\ = "qBittorrent Torrent File"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\ = "open"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.torrent	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\.torrent\ = "qBittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\ = "URL:Magnet link"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\Content Type = "application/x-magnet"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\FriendlyTypeName = "qBittorrent Torrent File"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\URL Protocol	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\shell\open	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "qBittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4159544280-4273523227-683900707-1000_CLASSES\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_4.5.4_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet link"	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet\DefaultIcon	qbittorrent_4.5.4_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent	qbittorrent_4.5.4_x64_setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

qbittorrent.exe

pid process

436 qbittorrent.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exechrome.exe

pid process

2072 qbittorrent_4.5.4_x64_setup.exe
2088 chrome.exe
2088 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

qbittorrent.exe

pid process

436 qbittorrent.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

qbittorrent.exechrome.exe

pid	process
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of SendNotifyMessage 39 IoCs

Processes:

qbittorrent.exechrome.exe

pid	process
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
436	qbittorrent.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

qbittorrent_4.5.4_x64_setup.exechrome.exe

description	pid	process	target process
PID 2072 wrote to memory of 436	2072	qbittorrent_4.5.4_x64_setup.exe	qbittorrent.exe
PID 2072 wrote to memory of 436	2072	qbittorrent_4.5.4_x64_setup.exe	qbittorrent.exe
PID 2072 wrote to memory of 436	2072	qbittorrent_4.5.4_x64_setup.exe	qbittorrent.exe
PID 2072 wrote to memory of 436	2072	qbittorrent_4.5.4_x64_setup.exe	qbittorrent.exe
PID 2088 wrote to memory of 2084	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2084	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2084	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2076	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2620	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2620	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2620	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe
PID 2088 wrote to memory of 2644	2088	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\qbittorrent_4.5.4_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\qbittorrent_4.5.4_x64_setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files\qBittorrent\qbittorrent.exe
"C:\Program Files\qBittorrent\qbittorrent.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:436

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef4d29758,0x7fef4d29768,0x7fef4d29778
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:2
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:8
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:1
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:1
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:2
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:1
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:8
2⤵
PID:2680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:8
2⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3988 --field-trial-handle=1328,i,16086693315020380904,16065287053433858674,131072 /prefetch:1
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2860

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1204

C:\Windows\system32\whoami.exe
whoami
2⤵
PID:1852

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
C:\Program Files\qBittorrent\qt.conf
Filesize
84B

MD5
af7f56a63958401da8bea1f5e419b2af

SHA1
f66ee8779ca6d570dea22fe34ef8600e5d3c5f38

SHA256
fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3

SHA512
02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
0c3bd75ef628bd32e2bc1084f013fa9e

SHA1
783b3f4190af58d00d0541f83a14ccf3a164e13a

SHA256
87032048ebe34411a9a314f7d298e1714d8aba898824cce31f40c600add6bb00

SHA512
f9e1b1a8b6084d7f9aab4bd1190cc573e3d556d49517b306d7f3e4abbc235cf8d19d36a563cd9c1d91083cc68d232c746814ccf8cfa046de5b6dab63f2a1f9ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
344B

MD5
ac96bf2a32348a3881313edbe6991cad

SHA1
a9e0d62818aa06983db87924f3f41ab7be041f9b

SHA256
c75ce6c411ac9f9e4c8ec8bca4fdef6babc7064a0d14d36196ac33e223b08fe4

SHA512
0c89363ca53e5268c3ab4d86374397126e234b9008f8616356fcfe0ea57a669a6937fd31e699da328388ea2c37aeae05a7b3fc299ba8ff6e4a15cb7d5e341cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
18KB

MD5
d7b8ee9f330d330fae2c45634ac8c609

SHA1
8ca5f9b49c7018e99bbba7332df2b18e6fc8f7e6

SHA256
e8f2fa5a2166fe73a45a26af70d7ef264dc0444150a5ada2b8d00efac6069307

SHA512
05d52314b621b65a32484d5132c0ec50c0d087a5bb2b2f54bb006f56daefecae0b4ea9e38e2136b9c7f5badce1cf5fa36c8e8dfb364391ac8af58340598cb206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a35677413a24107249110daf288a1f95

SHA1
a8a21830583de0310785f5b952b30fcbc97e3ab8

SHA256
9adf5c41ac7ca855c5b26051154b28cc683ae9e4e699b17fbef3f8a171c1cadf

SHA512
073035ee25fa2188387b80ac006c9622ba7e3e0ee0bb9f49730d8d29e71ab6409326ed947fd1a75cb65e764e78862ede4cf789afbb999ca619694ed689abf7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
17KB

MD5
993a5176704b9234624909c3267aa71a

SHA1
9149009665ef0db1b9c46c14d803f07aa4348163

SHA256
69a0ddbfbfe7bd62e31bbb7930a73c1029693af1a212babac24ba29992be906e

SHA512
a6a0fece6a0dc4ec8d5b1c79920d01eeca21f1ecee31f2361e41956abd25bd7a3747b5d97eddefeaff8033ea878f9361e1921145a37f8990ffe3b9a1dfdd1d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
20KB

MD5
fe64cac4a28107cda6e92d7064cc2e9d

SHA1
dda6f8ed391c60d74b68764a55150e47a1c4f93f

SHA256
42c7b719b76432447bebd72edc6725c8701ac20771e26dc4294e04db30c4ccc7

SHA512
d9b87363a0e8cd4f06ddecfdc1430bfc3c5a4213a979fab3e7eb7b0eee337138a9bd1796863ec272950153a58fc05d331ae8257090492bd410edcd898bffd688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
015ed3d641d3954ca335290fcf764abc

SHA1
84b03fc03547f07ee90b9c140d12ebc73674e480

SHA256
6cdd65ed057c56e91cc2730e538fb461c98542a9647aa50f6fccc3e90cd66b45

SHA512
7b61c8733f4f73771fb339d864a4746cfb9190b42cd4a86a5453c00c7ab4ed479f4303f743aab455e48491a1b7c538eaac8782e69bf47d6b313d746efcd025d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
e5f60142e5e6dc0f70ca1fda7f281b64

SHA1
c011839b14cdb2f53f972a1bf40f7f38ae0287a4

SHA256
0962a87854315b440ec3a57fab8921b5e068dd7962b6fef47d9f4f98520345d1

SHA512
f8b61ff72769a38372ad734da099cca68345fc2f5a583fe282561d2e85a8f78c554553b2b45da99756d85d790cf0199157560aacb095040e1cd1eab5fcf888ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab22FD.tmp
Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23B0.tmp
Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\FindProcDLL.dll
Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\LangDLL.dll
Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\modern-wizard.bmp
Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj9955.tmp\nsisFirewallW.dll
Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Roaming\qBittorrent\watched_folders.json
Filesize
4B

MD5
5b76b0eef9af8a2300673e0553f609f9

SHA1
0b56d40c0630a74abec5398e01c6cd83263feddc

SHA256
d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817

SHA512
cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d

Download Submit
\??\pipe\crashpad_2088_UIBEEQEJJPQHLFJH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
\Program Files\qBittorrent\qbittorrent.exe
Filesize
28.5MB

MD5
299af9fcfb3067e8f5f64f0866c8fe33

SHA1
5244f3c95dbee3c29c4171899a1a158087419f59

SHA256
aacf4cc8c1591d4a5aeb1d1c32be0c0211fa593a3a4c5107f906a3910fdb6c34

SHA512
35598c4d22d29acec1f98fc61cb5e7ca8d3f281bb0ef586c0f1735497fcba4b714f8f5ab2c539cef8b843b35151e0516acd18724c04160c5cddd642cd754ebd2

Download Submit
\Program Files\qBittorrent\uninst.exe
Filesize
140KB

MD5
91069149dbc3b622415e8526caaed735

SHA1
8487fb850aabff16ab683b707cbcce4c69220d99

SHA256
09d1cc6f80cfa7d019365ca50de6dc78adcae147ebf061ae381e0304c3891f13

SHA512
c7cb0efe1256d4888d183740419f0f849fb8634ef1892791ac2bd25ad5b021e1ed3efeaad5616940926c4221d8312d781318e1e6addd6f1092b593ab42716f4f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\FindProcDLL.dll
Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\LangDLL.dll
Filesize
5KB

MD5
68b287f4067ba013e34a1339afdb1ea8

SHA1
45ad585b3cc8e5a6af7b68f5d8269c97992130b3

SHA256
18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026

SHA512
06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\nsDialogs.dll
Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
\Users\Admin\AppData\Local\Temp\nsj9955.tmp\nsisFirewallW.dll
Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
memory/436-144-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/436-143-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download
memory/436-141-0x0000000000190000-0x00000000001A0000-memory.dmp

Filesize
64KB

Download
memory/436-161-0x00000000001B0000-0x00000000001BA000-memory.dmp

Filesize
40KB

Download