quasar | ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built4.exe
Size

3.1MB
MD5

aadefab57f8d258196fb7defe775da05
SHA1

c547b196d15e134e36e941eb31fac7664418b7ed
SHA256

ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678
SHA512

e4ad1ec0ed8cc4d5cbc55f8996c0741b920836ed67a810d5446e42c7a96a189b3ce80e2dbea6ce3bb55b84f499e9d08cf4247edad67055b2725d9bd51d455dcf
SSDEEP

49152:fv+lL26AaNeWgPhlmVqvMQ7XSKdC/1J/LoGdlL8nTHHB72eh2NT:fvuL26AaNeWgPhlmVqkQ7XSKdCjN

Score

10^/10

quasar dusan spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

dusan

192.168.178.20:4782

192.168.1.9:4782

Mutex

ded81f24-0e54-4985-a1fb-e180db45c27d

Attributes

encryption_key
A81486939BB2FAD2A02EAF76B26242A2A9C6D91B
install_name
katani.exe
log_directory
Log
reconnect_delay
3000
startup_key
hacked by katani :)
subdirectory
download

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2252-1-0x0000000000AC0000-0x0000000000DE4000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\download\katani.exe	family_quasar

Executes dropped EXE 3 IoCs

Processes:

katani.exeClient-built4.exeClient-built4.exe

pid process

1796 katani.exe
3440 Client-built4.exe
5532 Client-built4.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

52 discord.com
53 discord.com
54 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
52	discord.com
53	discord.com
54	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617679122650124"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{ADCDD10F-2E00-45C1-9761-5483FBF75765}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
1548 chrome.exe
5624 chrome.exe
5624 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

katani.exe

pid process

1796 katani.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Client-built4.exekatani.exechrome.exeAUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2252	Client-built4.exe
Token: SeDebugPrivilege	1796	katani.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: 33	1996	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1996	AUDIODG.EXE
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe
Token: SeShutdownPrivilege	1548	chrome.exe
Token: SeCreatePagefilePrivilege	1548	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

katani.exechrome.exe

pid	process
1796	katani.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

katani.exechrome.exe

pid	process
1796	katani.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe
1548	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

katani.exe

pid process

1796 katani.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Client-built4.exechrome.exe

description	pid	process	target process
PID 2252 wrote to memory of 1796	2252	Client-built4.exe	katani.exe
PID 2252 wrote to memory of 1796	2252	Client-built4.exe	katani.exe
PID 1548 wrote to memory of 4376	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4376	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4492	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 3964	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 3964	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe
PID 1548 wrote to memory of 4892	1548	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Client-built4.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2252

C:\Users\Admin\AppData\Roaming\download\katani.exe
"C:\Users\Admin\AppData\Roaming\download\katani.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5a0bab58,0x7ffc5a0bab68,0x7ffc5a0bab78
2⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:2
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1368 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:4892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4248 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4392 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4252 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4904 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4412 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3136 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5196 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5524 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5852 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5992 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5344 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6296 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6080 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6228 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6552 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6812 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6948 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6976 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7000 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:5144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6560 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=4340 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3592 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:1
2⤵
PID:5728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2944 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:5668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6676 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:5992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:8
2⤵
PID:6036

C:\Users\Admin\Downloads\Client-built4.exe
"C:\Users\Admin\Downloads\Client-built4.exe"
2⤵
- Executes dropped EXE
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2980 --field-trial-handle=1944,i,11187102471979308437,13599301512759314846,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5624

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1792

C:\Users\Admin\Downloads\Client-built4.exe
"C:\Users\Admin\Downloads\Client-built4.exe"
1⤵
- Executes dropped EXE
PID:5532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
59KB

MD5
33d2dcc9ccf87d6ed728ab0c46235369

SHA1
249e080a07601d8537b242546067229f49a4aca1

SHA256
a455f1cebb519dc1861af1646224fb2cff08843469c0f346d93efb6745615c4c

SHA512
754e230d5ed0a578559702f43312b2cb2b282676a95218ec3213efb566fed6ca02034bc6dc7ba124afee6f9b766a0680a8e51ea377b998eb2a10d0b7de67f7cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
69KB

MD5
c356a0c771a0209d3482777edfc10768

SHA1
1ff2d992af8a6f19c30ecbe8f3591f26fe1cab08

SHA256
32381f4549d36fa4583e599adc04056a4da80a6067c6805b7081c3f3f54a27ad

SHA512
561084baf8d65579ead79e79c2c3920ef987384d52ecc11a2689aff95c54a6b823a0c4a8e5b910e60e569450e36563f53adb5796f261f13bbeea59130b81fe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
327KB

MD5
af3899196275dae45500fc7671ba1a97

SHA1
8baed8b4951ae14677fa093e56d5540f6d989372

SHA256
7413bc9ead0d8ece381038166e278e2554908209d8a084e961fc18eab8ee6c7e

SHA512
32a8c08b55013ebdc62eb9b1cfcaf54a8ce7ef7ab3dd208a30a3cd1f6281cafc7d667e0c19ffe6dfbea8be5cf53df9509ed0c34337d8bfbad0723aa620542d3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
133KB

MD5
3b119bc0b1f8f4b3a8d126cd1f153a87

SHA1
e9a65c737466e5624c75b3cc72fb60877f7898f7

SHA256
0edbc4b05210c7c811e3943ab0e6e891da2933f809a817ab1cb0c3cc388380e1

SHA512
7eefefb3dffe25caf225b2c1f39fa4a204a253725b3844d3d840181408291bc469ac3acc6415453f27cadc228aed4262fdc3c9c0747e173e2a1874211db98e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a
Filesize
239KB

MD5
91daa37e09df8b688f7832e7d6d80aa6

SHA1
fc59e29275e98dd5dce1efc9b982ec1ba5ad4276

SHA256
eaf99fdddbab6953d53df2a7e81b5275e90e221e0a7ebd3d99f42cf4b6aba6d2

SHA512
96944b45cdaecbb55cf9869004d3644daffc9198b9a7033f581b0c2be769aca586944f9be48c68278df9f0159eb0b248d1a4c5122283e392827ff7d8304e2378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
Filesize
30KB

MD5
348c832a4560adebb39e32b91f392e20

SHA1
5f8743e97e3d0c418d90998072416705f17eb720

SHA256
32339f355b5b9b8693f9f6370dca7b05fe6042e3b2d94546afa05d569dd6b66b

SHA512
c225d7794c5c01872bb1af8a0c6af443f54e07f40cb8c03ed79c77a092ab35e03cbf29e2672cd070e93c998f54fe7776f4ff4e948dfd67af8d77039af6638cb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006c
Filesize
151KB

MD5
c798737fd303ec814cf40d8076bd5d5f

SHA1
0d18fd05f16c17652468175fcc41423a3d99170c

SHA256
a8e7368f03b24867920b42fe31331acf8bde1626336affcee9bd6a9d7daf0692

SHA512
31ad0a4e439b706ce0da3a541bad7ed5e5340d086bac526b7872ecfeb722edd9767d99baf72307ae6f79649e3be90542e9034b618dd75db7fc46c19eca72da35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000082
Filesize
195KB

MD5
98c981a429cfeb6045e5078f35dfc144

SHA1
2b8dea3a3c7c934863bbd0e2d7792ea219f07b1b

SHA256
869fd59144647b68ad8c9a357523821a138e34141afc5220707afef33bd6d564

SHA512
01779280d678ba930a3c9524ca082e5d438efa41ebbce627025a41210bb12eedc52306bf6964c3584b13b537bafa85041096c7f7c51f8a64966e97d764695384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9ef887563496bac07242cc80fbb18cba

SHA1
5f006cbdbf32b1c0d29bfbe97d504c6bb2142a8c

SHA256
4256be3c5b6a3e8ff364c24568ce1a22eab6c70dd48e08bdd9d9e554987d7bc0

SHA512
24efca79821bed681733cc027b2fd6adde73b84d064119f7249121eba53b8a334739b3a3c66fc33c11dda1d77bee305fbb753beb433608d2b5aa368d81c71bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.telegram.org_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
13ad460702437f6b3ed946efdb694532

SHA1
5ed2ba8e7d54f1514ec740e07c76f30ddda3f96c

SHA256
129fa89f0ab5b06c57d69874c8e499237e7a903d29fd8305a3a52ca4984e32a0

SHA512
4dc01adb77446ee5121138f667f7e77f86f6100998e1dbeca03db930bc22c93efa11d6278a5b9bed7778c0fd111fd8dd291893fb02086c9351c762cbd47d96cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
579b351bc82666ee12ebb2dda59e00cc

SHA1
4dcf09609d94cae7333cd7724d4b8e0a006d416b

SHA256
a0e83566111ec29c61f42a5ef9eac491bf8989c96cb3b1d684c4569f58e38dec

SHA512
10d3bb0359bf49324e07537ff678f63334403cf7153f2ddf5ecf9fa05d8bdf8c796aac13527dd68212c054b69762dd835bba6702bfd28b746bd54dcf209ca6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1024B

MD5
fabe691494a8865f3d7a9599e2510197

SHA1
9fabc3d7d722ac1e6d9e0d3166e2dc86abecf4df

SHA256
28905f7126f629a33e2d10a82fe3122531e8ebe242988e067b3bea00710a49d2

SHA512
e82939708b2889283e231e9e8a54a1297c5a48a28e7d3552802146605d22b094970be79e216ba1eced1738234ac130756dc7f00675568b21afc593d1ffde9d9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
c508b2a90cd367b6e824d8f1667b66fa

SHA1
e969e2a5a61eece072cc1a487f0774992e7b39ac

SHA256
232722aae2725900fef18068fdaab5ebbf25fbbcecff03084b366f71f45d5e22

SHA512
6d1679a61601a377c47baf254c535e52f625d6516568042ac96390711fffba32aff6cbd90a8fb0ffe1cb880c7c8d24b28cbb899ce75626fef1312949f06271e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a8d98ed0f2d3167d0b57dcbee45ff794

SHA1
37a940ea20ab9da303fdc8b14062818ee0a5f348

SHA256
21dd648e5c710549c36190a723474e24191e54b27f4e9daf3e19ebb768bae4ce

SHA512
7ef526e6ec3486b01018e854a26e691b7b6519bdf416ac012d67f7ae9f7fe964edacc080aaaa7fc4e278e721e529668d9f1e26c085b3112696ea97f24aa8159b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4838c0d6969c89fa476abdb428165a29

SHA1
caed7591f3925c9f1e534a5a52d393c40d04dfc7

SHA256
734c9ad3f11659c4bb9006dda9330196d13364b60554868fc87275cc75da37d1

SHA512
55851c248d56c8f929dccf480b03d5dc3f1930f0e7be83fa023c19fcad158300941470c34cbdb1c8255ee2ddadb1b060a6e38ed00e2442b6b45a522d6d560f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f0bdd31af1110cdcf59e495dd5e0168c

SHA1
fff933519f605fa2b772a0436900c8e07d19853f

SHA256
7fb5e79c73019c100a9242f09db4ab924a44a343e6c52d4289c333654739221c

SHA512
97d40525cad8a1681cceab02b224e23fe7a21a33d00ed3c1712a430a753caaa05fdea406656da5ea4b1a32a264df51d0db3f35266d3939919c53b81bf395f089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
9d5bdde27bf56744a0f23cadeed358e7

SHA1
edd763f7a3c8a4e183ea7ded9442298449ac7819

SHA256
855a7438c9201ec4ed0b983180af2054b7547a8f22871eaefd4b9260b89fb3b2

SHA512
c0353a9eae6ad2a67a1dd5c51e42e53d33a966175f00a57f1a12d4ed3e24e17af435f0a56ea21c54a1f7664025deb46881cb22baf025472639f2b1c76440142b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
ebc34b84d21b4ec3c1f61714a483b4b6

SHA1
ef2c34f2cc04458f21a630f6650f5f4d7da61659

SHA256
918c360e5ffcd19e214425fd4148c15c7c3fd3fb7606c681e75b16db1d9c6805

SHA512
963c83cbf24d1ff5dc29c8beec83e77bff5a5d9f53ff5eea4776b0a85f102f840464b6cd632f273b771c1caee23bc7c630dd29977772c16a75d38befcb12593b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
916c42f9c1556edddaa0c74b622aadd7

SHA1
841af84d53a6c662b09c9b50a8cc93c59814fce5

SHA256
e775dd7104dfded52e8e59dc328c4d6ef97e32e06ad11b62539d719700e199d0

SHA512
8b8fc94c4cfe16375ccbad75346176f84c0919e70a4bbfa75905edde9d7ab9ef8a48ea0c50dd7a280d6567974fec6c1f766409375a0bc89a14b0c403912eeb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f3435817b990d9c2b89648ff8bf69be0

SHA1
cdce6925d637e2cf4f66755fbb2680d232e20f52

SHA256
4b408d4d1501c18bdb03f2030cad8f9becd3d9ec1c72038c907ae8eda1c80e9c

SHA512
7936ebd67dc09f8e475b87615e614bf09c7684e5fd2d9497c63ff2985fa634f2cd71d676d17b2135f24dcaad775019f6af0a166f957a39a88ac043545b7ab220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
801f9d0c750df341690f853a1e46ac3c

SHA1
1a57faefd5d78b3ae9a6fa3b8bff9180d99688ab

SHA256
42990c915ff2be60b7e2b9d660e152c8a8334086da4d4743230683b8edc8723f

SHA512
d837e0d0cb79a466e5370d3aac2fd7e632402a424667f3346b9891f9da58e84e84313fa70cea4540af6cfe35c547b1dcf81133f51b297f1f497fcbcad0280059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4b9ed4dea21f6893d06d614cca69e028

SHA1
fe97e4135bf596a7ad678c4371506e522ed33563

SHA256
b00d563dd7d23c70183502ee80dc4ec10c938b10c8c0455fa7ca2d8505000cde

SHA512
2c8f70899477f1fee23603b9c6ed3f2bf7b4235fa75184fa3dc96b7833b8b0ffb78a4a9bcc10160c5c716068f3df449e932b216a210874a11f5ac5d6d598ea14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo
Filesize
27KB

MD5
4c0c88980ae1477c8f2a078b543477d7

SHA1
2889d0269b14335b5f1236cb974dc2e1de08e19c

SHA256
fb8a8e1602c87acc77e619992d0cba0b0b580d58554ec0caf9d63d4a0d0c298b

SHA512
4887dd95de705e69cf893f22fac53e9370922173db71891f311a06e17b9623c9b402134ac1d510eb0d41d8ee724b631c3d4460d50ba9a70dca5dc397a759a176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
f0be8e9f9815a29a0900f273197d4bfd

SHA1
238e4d1d91e49912aea2d2d87c1a93a1a50ffa78

SHA256
998aa478f9058caa7900221f61a2a14428b57f3cb3c522cf6dc72d2150bbbddf

SHA512
84c02aa7ccf6a9f6dd81e0c2b23ac9e80c9f902c37092893315cd55ec3b9713db2214b794f83f46cb312a312863e10958a5ff3f49256f9ad4d0997e1b0ab0649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\018f8127-27ae-4dbc-87ab-63eef0985f11\index-dir\the-real-index
Filesize
1KB

MD5
6408ae87af152b0ba45f7d9bcf4ce58e

SHA1
ce369f18c72a4a19c736544bcbf61d8c705bf73c

SHA256
59bfd27d7a0fa9b2aeae45f7dc81b718673d6000271b892c7d5be02192b9bd49

SHA512
9c5a70f937fee007cc93e017ba0a7a3cddf73cfc872579128af658de46e20f83146eb4468f512920aa50a44b1ddfddd897f5461fc2ae4fc7b6302693eaf80911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\018f8127-27ae-4dbc-87ab-63eef0985f11\index-dir\the-real-index~RFe58c58d.TMP
Filesize
48B

MD5
a6d6c6e6375edcbb0547f791f66723f4

SHA1
395c8961bd9ba133c89e772e08bab4e21db0c9b8

SHA256
5f1e65610810bad3a550e4877c8486b97113dd3a38444ada15654f006aeada32

SHA512
af160d07d7369ed72bf23c87824804f27e52fd79893221c8c6e1b4a012be76d5491ba770adfdb2e84fe069b51d636e01cc2838e463c41fa436e0d380401cd8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\cfaa1a5d-e4ca-4322-bc5a-160f14bc6242\4912ad923f67483f_0
Filesize
60KB

MD5
5c4fac0397a0ca1bba7dbb122d382518

SHA1
b6ed8d0684c50da83e970e38f347c9e212511062

SHA256
cbea87815149479702c037405cc9b73237cc925f700f90089ec349cc176d595f

SHA512
24b485c6670b9d18db6fa75cec2e3b69da38eee73012d3cbda02e862e2e37b2e7dcb0393d45d220bc39b1fbc2f803cf5c21c7af87a8dccaa58c92099e2f96311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\cfaa1a5d-e4ca-4322-bc5a-160f14bc6242\9c6d83a70a3663b3_0
Filesize
310KB

MD5
21bccc35c2f56c4a6bc4eada68abb173

SHA1
240e755ffcdd19c499529253b668dcc59e4187ef

SHA256
f66c0cef427176c6626d14abcc5b14432065c4c1feb0ed2c7e930911dd9bdce6

SHA512
dcec7e0be65caf4f695ed12077ac68e40e395c5ee2d1c8792416d10ae1f1d5aa382935343e706bf02e7a17715f77683e7482dd12903ea0fce5dc77764b91b06d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\cfaa1a5d-e4ca-4322-bc5a-160f14bc6242\index-dir\the-real-index
Filesize
6KB

MD5
e911983012ae05625dc4e7aebd244a80

SHA1
c494b45dc92302e4bc00b3cd0e46564fd5cc154e

SHA256
b45d6190e385d43a901d970961ff2b3efe3a6b0dcba8bfdac8eda2b402288f16

SHA512
d8fd5a253b4d9073d84051e256b095afd52b2c148f481391fa7655bd1384a50a0cbc61ef981f73a30ceffbfa6915a09ce37d1d12e08a20efa26b24510748ac72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\cfaa1a5d-e4ca-4322-bc5a-160f14bc6242\index-dir\the-real-index~RFe58870d.TMP
Filesize
48B

MD5
8485faa246d7cb359926570be9b13834

SHA1
a0fe47dd5a503e32083e4e203da5932e3c964efc

SHA256
1248df709cbf7106828027922b33ebe75c599d1fd551d44bfcad2ecec1b52011

SHA512
af654c1f684bca725ee6a2f130773ed4447e03c9c03764910d8fa58bc4cf6148a638e2c687f9a64935c03e6e83d36c9ed77fafe91c8d9fa4fe9d63a56722ee0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
190B

MD5
4eb3044658b667fd9a2a66026456ac2e

SHA1
5f505f23d79493995da04ec7aa4908b6231fa75c

SHA256
c3c935aab76a68c5bc9390505e61d179f85d78b92760b995154cd69e10c2174d

SHA512
0b6768fbcf94f5f54d0383298c1d47fd1fffda8f6eaeeabe4d76b5a73e2803451f1ecd7fdfad1da17d046c1a3e766d4f892d9cca457d9ea5cc63123e38d71fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
250B

MD5
7330cf2fe144f4c9f73f0a2948bfe37b

SHA1
761f881f4b62052fa6463a07b5e389c15e40c431

SHA256
13e474b1993ff6c7c7f763f31f76a874e9b96258e6365d091efc67200add3165

SHA512
8c443789373572b3ae1ce115e08f53c893591cd0b45c7e8db0f03aeef8eee1db703327d1ee6ce379ecf8be9f87830fdbe3e5ff182af0322cbd7b502053af04f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
249B

MD5
496239f7f255d7870e20bab09ca60d95

SHA1
1b07d817a5d0d34bc302b48127dd335b8bad90cf

SHA256
f1651cbe40ca7ad8e0e155c64be98e0b4875408de89887cdf815884a2df7fe93

SHA512
26d96aaeaf99849cfb80dfe0987d0523d3cd993009754d4880086eb419b88c868acb85fe729a94c19f76357cec264ca33d30845fab8fe845947eed25d77b1cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt~RFe57ea50.TMP
Filesize
124B

MD5
646dc3bc91d19501f1675336a0c3777a

SHA1
bfd9b23c29206364c07e9dc7f1ea76b9cc1999f8

SHA256
78eef8008e459272a3c9f6741f11389169799e417b037a43b568c31be77b32e7

SHA512
9a0bce181002288fceda5bd718b60d0e3c68605bc7b22e5647411c235702ae2a97502fc5ee48f35e2678009c6de66c120f29d52e5d75a6fc09e4de1fe29a1805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
1e4015a48b1eda60039bb527077cfc1d

SHA1
b08d40c57385e205d466e26e039c03092a7668c7

SHA256
cf77d0a5ba2fdfc0d4fcef24bc84877706b2cc5cc6c9f015259a16065520f5b2

SHA512
9540527f344f71ec94b0292ec0212855249805b65cd29eb6044fad04331716cff193f22a6f31635d134b05017576890815fc954aaf0fd4cddbc886a047725c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583851.TMP
Filesize
48B

MD5
18e630fed2917c064c3966076b1bbfb1

SHA1
0caebca658db35855142e04a1c9b1cb8c3b79055

SHA256
0d5e05fdbdd09ce492801eefbf2ce8b4c79ec78a1c8219bdae9d4c07936a7357

SHA512
5d5bb77c882b6f9f777fc018f4822a1a879633e0f0f43ff6c4a484f8d5215573f07791d69fde61b7f851174311bcea3664898bfd8af4e0e9b2b6e6141876db88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
3470cddc8d22dc23767d7764b108e3a8

SHA1
0157ec76b98a3f597fe3e0894f515622912f4a29

SHA256
be25397b6d4e359c760208e441e2c74df040d30259efa0dfc24fa777e3e0b1dd

SHA512
0abd138315a9324d2854e8faa7494a1e7f03a294004f3bcb8b61960509aa5d938260017f2f22a5fcc7aac5a976b68637d6ec0fb95d062ce7cad4fc153cc399a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
258KB

MD5
80bf0249024fa5769dd9ec0b59ee6636

SHA1
7e64f31acad71ce2e7d7467009a15724135a8918

SHA256
4ff339000827c9f51c04d955803b5fa121992603836bad2f6a37eb2dee982b2d

SHA512
29ae5d8a25b3e3d72842998c00e5fcef330b466fbcfb7369467889535953cd30803a530f32c27845ea38bc3ef3f9c8058028a484a8709a030dad0f24236df8cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
043a4743e758db875e4b8690af72a1dd

SHA1
5c140974829c9c43f6c5e155ae220c888467a1a0

SHA256
5bedabd1c09b73f4d9a1f356f665504cb9ea3b29c5b4c9bfb606e1a0db3e02f7

SHA512
eb35b073ec41ebe88a4de6387c8e72bec6c0233b74429b0e349dc0174c08421031a9169f9cafab775ac91a87f20003ea0362269cfa56542af21c7d88486dc515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
f864a33c04809d5ad56ee0621e84c06a

SHA1
73a14312dfe703708755d310056b74b73119682c

SHA256
b725ce70211fb90ccc28ea5a2daf367f6aa7fd831ca430c0ff9410e6ef700011

SHA512
5a7317515b70caefa84c504ea4b149447a7f38b103696446aea338184900e4cdd430ee1fe0060c32dc8fa3fce2a83ca0aebd5478ba1fce3155cbb8f6d10af9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
283KB

MD5
4ed616d506bd8999fe82398c873c3ec1

SHA1
2bb218638182a6651459baa89fca81575fe6f43a

SHA256
ad86b4be4379550bcd5c6b3465282e44c6ad26a4ffb88537fdc23bef1c182990

SHA512
e208fc7929a63f1694051a56a078df0a1e37f3880b3329602afd8eb20271f6241174618fafc812beb8b32d4d798318475d64e3b76be145d83248eafa06e95465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
263KB

MD5
44e2bbdb8e926ced01df481109553d54

SHA1
8b99e9f1354faa7ca4ac923373a5ba25ea61f06f

SHA256
813fcb47521db6c2d55fea4fe7e5b35e062d3278dfb30d6dc426ff53264aa446

SHA512
1171050b1dd143587ec1fd680f2258a12094df83e2973b79ef27ca6f204b673df818f5fd7631d2bf61654f310c3bf6548cda14390563a7054beceb770be76fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
94KB

MD5
33918d86f38aef3e63c22e1571f09bcd

SHA1
6062e8c993e90ecd50256c26b638d1de50414b7d

SHA256
c4667dd8ae06a0f3e30d319e0519fa4c8677ec99a9af5253a0dcf4dcdcd1223d

SHA512
0fea4137835cfa66489e03c2630c576ae9cf928dc436b76dec3aee280fc795ae17ef100fd3560767d2d894a5e74b5933b76376aeebccf32fb3b8680047a4cd5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
107KB

MD5
cfecbbe8481e80249a1d9865f4bf8ba5

SHA1
7ffce3169159f22b75cac8be6428ebd158610441

SHA256
0aafa31ac5be47370f1231765a8134a6b022decf38b384972a447223f8a4afea

SHA512
1fce5c1712023da94da5ea9cb1b25339d7c0dc746615ea58c59c8267a0257bffd7efced18c547924483952e80c556ad08d07784cbd9513e561b51b6425f97871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fb96.TMP
Filesize
91KB

MD5
6519525c32fd1da6c03ae268bda0601f

SHA1
a639b61692b7381239af9fee3d25a2aa691c30b8

SHA256
b47a1ecc4fc0864baf683e04aed4bdf0673d442e2570eb28a135d0cbd1c7d522

SHA512
9a4aa809151c650a05f081beb8bb31286d9428720cb022f4ca2eefc6f3c0a7aaeeb1caa4d5dba58295b43c3608525ad019bb498dd6e18e94a918a05c2ce48d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client-built4.exe.log
Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Roaming\download\katani.exe
Filesize
3.1MB

MD5
aadefab57f8d258196fb7defe775da05

SHA1
c547b196d15e134e36e941eb31fac7664418b7ed

SHA256
ec73d7962ff8f5ca2ef83d10104fa49d26fd60476b2b3afc6e2c681e665cf678

SHA512
e4ad1ec0ed8cc4d5cbc55f8996c0741b920836ed67a810d5446e42c7a96a189b3ce80e2dbea6ce3bb55b84f499e9d08cf4247edad67055b2725d9bd51d455dcf

Download Submit
\??\pipe\crashpad_1548_HCWJXVKDZNHAPPWS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1796-8-0x00007FFC5F790000-0x00007FFC60251000-memory.dmp

Filesize
10.8MB

Download
memory/1796-547-0x00007FFC5F790000-0x00007FFC60251000-memory.dmp

Filesize
10.8MB

Download
memory/1796-10-0x00007FFC5F790000-0x00007FFC60251000-memory.dmp

Filesize
10.8MB

Download
memory/1796-11-0x000000001C3F0000-0x000000001C440000-memory.dmp

Filesize
320KB

Download
memory/1796-12-0x000000001C500000-0x000000001C5B2000-memory.dmp

Filesize
712KB

Download
memory/1796-61-0x000000001CBF0000-0x000000001D118000-memory.dmp

Filesize
5.2MB

Download
memory/2252-0-0x00007FFC5F793000-0x00007FFC5F795000-memory.dmp

Filesize
8KB

Download
memory/2252-2-0x00007FFC5F790000-0x00007FFC60251000-memory.dmp

Filesize
10.8MB

Download
memory/2252-9-0x00007FFC5F790000-0x00007FFC60251000-memory.dmp

Filesize
10.8MB

Download
memory/2252-1-0x0000000000AC0000-0x0000000000DE4000-memory.dmp

Filesize
3.1MB

Download