quasar | f9fe2e128957291c5d3fa3c57faf6e973ce71622abd045d9817abd50498d87d4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5.exe
Size

3.1MB
MD5

baed5154289df7406a0fb0be4cc2c9e6
SHA1

828669dbe1c5e6c043808b1115bfbb87e6686d7b
SHA256

f9fe2e128957291c5d3fa3c57faf6e973ce71622abd045d9817abd50498d87d4
SHA512

7ebabe0990f2ebc0c3cce1b57f1231b4d46b5e475649f6dda31156395a9dc386d6ef1fb79f9603e3efa3dd42eb3477a15040618e461d149c5ee1b46462ce9bf8
SSDEEP

98304:jv7L26AaNeWgPhlmVqkQ7XSKRxtihjB7:Lh4Scw7

Score

10^/10

quasar dusan spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

dusan

192.168.178.20:4782

192.168.1.9:4782

Mutex

ded81f24-0e54-4985-a1fb-e180db45c27d

Attributes

encryption_key
A81486939BB2FAD2A02EAF76B26242A2A9C6D91B
install_name
katani.exe
log_directory
Log
reconnect_delay
0
startup_key
hacked by katani :)
subdirectory
download

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3288-1-0x0000000000E60000-0x0000000001184000-memory.dmp	family_quasar
C:\Users\Admin\AppData\Roaming\download\katani.exe	family_quasar

Executes dropped EXE 3 IoCs

Processes:

katani.exe5.exe5.exe

pid process

3368 katani.exe
6108 5.exe
5356 5.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3368	katani.exe
6108	5.exe
5356	5.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133617680831579522"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3504 chrome.exe
3504 chrome.exe
5236 chrome.exe
5236 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe
3504 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

5.exekatani.exechrome.exe5.exe

description	pid	process
Token: SeDebugPrivilege	3288	5.exe
Token: SeDebugPrivilege	3368	katani.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeShutdownPrivilege	3504	chrome.exe
Token: SeCreatePagefilePrivilege	3504	chrome.exe
Token: SeDebugPrivilege	6108	5.exe
Token: SeShutdownPrivilege	3504	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

chrome.exekatani.exe

pid	process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3368	katani.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe

Suspicious use of SendNotifyMessage 25 IoCs

Processes:

chrome.exekatani.exe

pid	process
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3504	chrome.exe
3368	katani.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

katani.exe

pid process

3368 katani.exe

pid	process
3368	katani.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe5.exe

description	pid	process	target process
PID 3504 wrote to memory of 3600	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3600	3504	chrome.exe	chrome.exe
PID 3288 wrote to memory of 3368	3288	5.exe	katani.exe
PID 3288 wrote to memory of 3368	3288	5.exe	katani.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 3816	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4320	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 4320	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe
PID 3504 wrote to memory of 2340	3504	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\5.exe
"C:\Users\Admin\AppData\Local\Temp\5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3288

C:\Users\Admin\AppData\Roaming\download\katani.exe
"C:\Users\Admin\AppData\Roaming\download\katani.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc77dab58,0x7ffcc77dab68,0x7ffcc77dab78
2⤵
PID:3600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:2
2⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2112 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:2340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:1
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4220 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:1
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4396 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4108 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5096 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:1
2⤵
PID:3604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5292 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:1
2⤵
PID:972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3352 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5688 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5900 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5980 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:8
2⤵
PID:5940

C:\Users\Admin\Downloads\5.exe
"C:\Users\Admin\Downloads\5.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 --field-trial-handle=1920,i,9526387019462475670,14727041759198210427,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5236

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4256

C:\Users\Admin\Downloads\5.exe
"C:\Users\Admin\Downloads\5.exe"
1⤵
- Executes dropped EXE
PID:5356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
195KB

MD5
98c981a429cfeb6045e5078f35dfc144

SHA1
2b8dea3a3c7c934863bbd0e2d7792ea219f07b1b

SHA256
869fd59144647b68ad8c9a357523821a138e34141afc5220707afef33bd6d564

SHA512
01779280d678ba930a3c9524ca082e5d438efa41ebbce627025a41210bb12eedc52306bf6964c3584b13b537bafa85041096c7f7c51f8a64966e97d764695384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
Filesize
22KB

MD5
0af5d45d248869c774ad2f1830cc5777

SHA1
2705f0a5b7ec3fe892f36b96edc8b5dd72f6ea7b

SHA256
17be065e170fe9056d0a9f1489571ef846e916045b9dd955cf39056b1b099b9d

SHA512
6a909651c46ed7ec6066814488dcccd629f60cb887e9ca47242fcec766b79def8b57aa51fb50e572009de2075620dbd9ea85a201514bd92033bd4dac2306fd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
16346c58813d8e62a2b22f6a4a822e7a

SHA1
ab89223ffe2b99e7b4a2313eddc6a71469de6dc3

SHA256
eaef68f5100ab3003c8b72ad8de94b7dc91fce3f2b55da2491f4fe9a62adcfc7

SHA512
b05ac71c19b9b708d7aef1fc72ab8ac8738c36d006d4c005b9371348f79f3c59e9b8831772ed852088f1891f2a9c410725fbd00f7367d57fdb409d8880065aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.telegram.org_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
6abc818688fba63438149315451b77eb

SHA1
7d5efcab27783687f911787a6d78734cb85bf333

SHA256
b97fbb625622b39a6428606837c2c907e347b86e9531fe15e4133aa5dfef40f9

SHA512
7bbbf3084361201c5aedc488c290b2c43ece19fe1193e31e9fcaaa6eec28975fe901dceaa07f3b9663340fba525564ab951d60b276d6047af0eaf779e0ebd777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
c74ed293ef0ed3a7f7c18c290c467df2

SHA1
cb12be61b53f1d4c5b62a27f3b1796a519723306

SHA256
5dca6bdb88c5fe4ab6322fe5aecf9031ce710662105059b59b683ba330b5c243

SHA512
6c86509e2de55293d1b69598fdb28030d0498c8ad0f9cd5a79b1dd0a0877aed689731111b4dc513a742413341328fef7e6380a6e69cf0f7b1e58c2df8cc4a8ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
0c9328e368682c7e06337e3bb33c2536

SHA1
5022fdc635bd89add5cabdb81f3501b4120342c9

SHA256
ca903480e97b5bfea25117ad01157c9eade2a34cf95a0a8133e217844e88b044

SHA512
d40018e91e33fdf04404a1b82cbb19f6f6408c60a3b6fae5962d15cb5a5f69956c11644bc1835f771b9415822728f0a7100667815079703909154c7a03b2b13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e2c457cbba882baa7c28b954e9e91a10

SHA1
e47cdf57efa6572cc13b9c070ee03671aa7d9894

SHA256
e1619679910ecf9fd8f4a8f2fee8c4828490f7c3fdcd30035e7f9670e69d8290

SHA512
6e7ec02fe153b77715272b33fe62632eb31b85a2f2fc77535061da7e5da34d689482766a2a97fc81e8de133f37129c6582036d7c4640b60b234f2c34239fb2a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
ffd68dae6296bf5d3d281bf4b40a9fc8

SHA1
1634f4353198e111f04057e671a418baec5efd0b

SHA256
975bbe97cc57c6598e4da3cdbd7a534e058beb3563c0c054887807c44b345728

SHA512
f5fcc85898a10ead19596d324028b27e87ea9fb30262e338b9e3a527875b23ea715db8db94c20951641f33aaeceedcc3efc38db96d6d654c19a5e0f165e5199d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
9c90f6b791025892fcd57b9702c8a9db

SHA1
ec9959a1d1cdccc84a43ec9c2f6de21ad0e1498e

SHA256
04b5ace74b1f7afea98a9a31a9876475172d6f26211ed1ea89af921955838aa4

SHA512
efa66c477a5911a43d6ea2f1d963bd10cd79a9a799dc592b53710fcb917246963a982450f2bd2309656f623f9600589693a6bdfa740e8c3521c807f8f8a52992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\3d720f75-df82-410c-9172-c78a21672dc1\index-dir\the-real-index
Filesize
1KB

MD5
084f632647aa9dd4b8d4cc8200aee9bd

SHA1
0e25772cd9c903a9dfa749232751bd042e6661ec

SHA256
b965c11bb5e530e113cae7f590c579527d19efa90120a41c9e86504310887116

SHA512
6815682eb445d1e8891d3efe3451d27d171cd062eede7c0a581912348141a6a6cd7448808bc263b20824941cb3bc5005161bf102b6e8fbed75346f573a4cbdb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\3d720f75-df82-410c-9172-c78a21672dc1\index-dir\the-real-index~RFe585a6f.TMP
Filesize
48B

MD5
5cdf4a8ca88be5a5fce73241008cc165

SHA1
ff70913781ff552eab3be0db1dee084347fa9a90

SHA256
f8273e7dce453ad29c8d829936ccfef6053ac9c97ba587414316e6c81a138478

SHA512
0b0083078fa360356bcd69cf727030c3c40f2d66c15a60e234f47ac6b7faed77d2c55070dc81bc02947814693d3971b189c1ef278b12425f0041c104c069e733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\82cee693-e08c-4bf9-a579-aa9c44f019c5\4912ad923f67483f_0
Filesize
60KB

MD5
c29025d2705e00a4d518ec5749dfd7a3

SHA1
488e7f51c331dce3ad5de82d1ae324ff6c64eac4

SHA256
092dce485959ba686e6d671fb3eeaf3e4caf5f04e70ca79635303dd097d1d4be

SHA512
048c4b4da4d8221577505157f75b6b38d1906733a3ba0ac6cabc35850bcb62501f434c68c6e6be8f6e3c051f91c111f98bd315ebecd510148e200a0ea5181785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\82cee693-e08c-4bf9-a579-aa9c44f019c5\9c6d83a70a3663b3_0
Filesize
310KB

MD5
0e6b08f7f25089e80a1ce5aec7eea0c8

SHA1
933f62346e7cd2f625d665087f61681628f0ae2f

SHA256
b2adb06a27cd997d83801970e29b7b4d4b369327fa2f32909abb7faf91aa4ef0

SHA512
1120e33c6268883ead438d62fd9d3f96ff35f4504e3da0146a5bf4aa8beafcfa13b893a38981979e4b7a2ea7fa4a73ee165e817e12b65ffd589641d1f6f44d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\82cee693-e08c-4bf9-a579-aa9c44f019c5\index-dir\the-real-index
Filesize
6KB

MD5
3018eab9c1f073887b5d6761ed2bd9eb

SHA1
460deda122c9ceaa7143df340eac1a4f1b440e5c

SHA256
8f63a41562d694b2ce0b4ed85fc83f5463032b49e3fc4571b3eff7494fb7701f

SHA512
f13c14316240a22f386bbe2033063b428949b5445f025907387e0aa2b2bcc1fce9d170fedaa21121a49c16c01d532ea5f25b11a42b9e24c2ad346becda7fb56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\82cee693-e08c-4bf9-a579-aa9c44f019c5\index-dir\the-real-index~RFe57fbb5.TMP
Filesize
48B

MD5
0647b1b274d4f2b2ca4665b5249714f6

SHA1
782d9584b317d58450cd7064cb61036277fdd6b0

SHA256
0c3e569497288b90998388b12bb6fbb18348a7bf8b8a00600d3779c2cad511a7

SHA512
5df44382c3d058763b8ddd240e9129790aec763d04430effd14f1b19d86450a115660cd00450e6c161a28f8c795836535517a7f31ad7624b244938dae16b9061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
190B

MD5
3ed946612592f0828b77920d79e7909a

SHA1
f8cf0d7f444db28f9930fb6c7cb5fb12724305e2

SHA256
a72dd89dbb4152d5fc49943480996de39e48733612febcca5b6642df37db8fab

SHA512
0f7bfad6aa44791293b6c679ad59ecd926f2a91de373b83d8ab967334b32d8f92b13deed7ffb2f879dde3ee842f04cff939e1bd4bae259cf2fc1709b94813199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
250B

MD5
44497aa4e7484f0a8c2b178827e619ce

SHA1
558a07877a1b0bd6a42a2544f997b0dc9c4840ce

SHA256
b0c680ba79b62c6bc55c8b61fa544bfa149beb839f7d9837d8aa179cc91765af

SHA512
4df44cf0df302f183047d1a30f2260989a53ccf5f862d8b47326f7739ce3f57672744cd734d1769b156c43915aec989293c8c77732e213c04e11a26d5617a11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt
Filesize
249B

MD5
8f5324d8650dcac6f84d771ca97cc133

SHA1
cc7e6294ceb66ceea93c9671a8fb20f794f4f9d1

SHA256
b7e57e26ab8ed610187b15ad7e5851aa18ce4b5c1e80b414efc284d4b72a809f

SHA512
65f575bb35f377b4dfe0273a730b55721391f814e1b1edad5cb8dfb1922933b7d5a40371d9349ff69f791adbc0900e1d1d99a814d67140e05e1e2347ffa878e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\ba00623a413aef1be0c65618db85f0b8176e803d\index.txt~RFe577649.TMP
Filesize
131B

MD5
73df469ff049aff58ea55a0cecfd43b8

SHA1
d3d02ceb7b0b38dcdea962a872cc051e801846b7

SHA256
794881b26ab6adae5da2dfa0519cd2092c1603cd70565c8ebfc176fbca7576bc

SHA512
a7b4492bfca231aa2871957ecb10fd9547d9f9391776ef5032215f084d37254c4533f66b042ac181a125ec396c6c1bbbe191133f0e11505028f39ef08b26806d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
62835210971ec98b4d590ec9dc68a531

SHA1
3db75ea801f0e27c1ed12e9e439a981ecbd60327

SHA256
70061c2a56abe37a2e31bd0f0b2f83d43ce96b2770eab1400ff42a0630a470bd

SHA512
ee363466562b64f03f4a62e6b1fedb327909113480719b91230469fc3b58ab4734880e50c8d9599e0054a2d0205b412c0cb2d1f2ed8943054afcd8d2fe414474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c40b.TMP
Filesize
48B

MD5
0ab78ef633b3dac8e673654c4d84ba65

SHA1
9636ba4af84fda52851e68fc61bea1165704374a

SHA256
e9e939b62d37b38f5c9d3ccbef4df011c3994f0184a45d9a779cce2369edbea1

SHA512
21fdf2e0759ee22dbb8813100c03df46eb66af4afa50726a4c23cee5ed62478fe9e819385e684ebaa45d740495233dc0a451f05121d6e1824cb2cd676c0be704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
261KB

MD5
95daa3cb6be0a73a9fddf9345bd1dac9

SHA1
59342769315c08e143d0754d884df0c81406e9e6

SHA256
217d2571478390ac55c6164949fe38ace2d06832b8e4b64d1e01af8d431d8426

SHA512
2ea82b5ade232ed6b82a4dc3679f8e6b1cd84f2473abf60eadaf3a661b53a2fe04b219cce6e80f81082fb591886fcfac0629003347733330ff27b13f79e631b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
d39c26021a72c2d484dcb4d3cf3d3d38

SHA1
a8f1949f458c3656587448c5aa40e1c411c7f4e5

SHA256
5eec840cc2a6eefb8a73723cb5c912ceea0b2efc51851c94c91c44ce829bd06a

SHA512
d43914c94ce977ef07bff3869ee28b8ccae4ac538e65e80eb88b3446b300f5e7b048e58a0d7e5225952a2c6e43db9d0816305afa4c853ae8fcab79765500d606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f02c.TMP
Filesize
88KB

MD5
5070f285233b746a7d24772c0494bf75

SHA1
ea27919261412ecbdbb1eccf6a26ccfaeaf64315

SHA256
c8cf655a873ea0e5448f3a23c78bd03bd2a5705775644af54dbb57cd715b221d

SHA512
bba793f47cef4a05069ca84672907de091214e749517ffb821adde00355f63c01b8904b99eebe11492fd234eeb3afdb7a392d0c4cc854eff158522a90ab7637d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\5.exe.log
Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Roaming\download\katani.exe
Filesize
3.1MB

MD5
baed5154289df7406a0fb0be4cc2c9e6

SHA1
828669dbe1c5e6c043808b1115bfbb87e6686d7b

SHA256
f9fe2e128957291c5d3fa3c57faf6e973ce71622abd045d9817abd50498d87d4

SHA512
7ebabe0990f2ebc0c3cce1b57f1231b4d46b5e475649f6dda31156395a9dc386d6ef1fb79f9603e3efa3dd42eb3477a15040618e461d149c5ee1b46462ce9bf8

Download Submit
\??\pipe\crashpad_3504_EXFJRDQHHDQOHAHF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3288-19-0x00007FFCCBE60000-0x00007FFCCC921000-memory.dmp

Filesize
10.8MB

Download
memory/3288-0-0x00007FFCCBE63000-0x00007FFCCBE65000-memory.dmp

Filesize
8KB

Download
memory/3288-2-0x00007FFCCBE60000-0x00007FFCCC921000-memory.dmp

Filesize
10.8MB

Download
memory/3288-1-0x0000000000E60000-0x0000000001184000-memory.dmp

Filesize
3.1MB

Download
memory/3368-605-0x00007FFCCBE60000-0x00007FFCCC921000-memory.dmp

Filesize
10.8MB

Download
memory/3368-14-0x00007FFCCBE60000-0x00007FFCCC921000-memory.dmp

Filesize
10.8MB

Download
memory/3368-20-0x00007FFCCBE60000-0x00007FFCCC921000-memory.dmp

Filesize
10.8MB

Download
memory/3368-41-0x000000001BE00000-0x000000001BE50000-memory.dmp

Filesize
320KB

Download
memory/3368-42-0x000000001BF10000-0x000000001BFC2000-memory.dmp

Filesize
712KB

Download
memory/3368-62-0x000000001C900000-0x000000001CE28000-memory.dmp

Filesize
5.2MB

Download