quasar | hxxps://file[.]io/HuMrGB3LqMyH

Analysis

max time kernel
53s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2025, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://file.io/HuMrGB3LqMyH

Score

10^/10

quasar tutorial discovery motw phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

tutorial

celestealayna88-30990.portmap.host:30990

Mutex

59fd2b8a-ca80-4a8c-b0ac-c8763595ddb5

Attributes

encryption_key
F8BC2EC8C7EE767DA6F21243CDA870FBA63D9B04
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0007000000023d18-240.dat	family_quasar
behavioral1/memory/6468-277-0x00000000000B0000-0x00000000003D4000-memory.dmp	family_quasar

Executes dropped EXE 4 IoCs

pid	Process
6468	Client-built.exe
7276	Client.exe
9048	Client-built.exe
8224	Client-built.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
725	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133810218582850672"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
7164	schtasks.exe
7448	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
860	chrome.exe
860	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeDebugPrivilege	6468	Client-built.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeDebugPrivilege	7276	Client.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe
Token: SeShutdownPrivilege	860	chrome.exe
Token: SeCreatePagefilePrivilege	860	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
7276	Client.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
7276	Client.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe
860	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
7276	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 3976	860	chrome.exe	82
PID 860 wrote to memory of 3976	860	chrome.exe	82
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 4796	860	chrome.exe	83
PID 860 wrote to memory of 1976	860	chrome.exe	84
PID 860 wrote to memory of 1976	860	chrome.exe	84
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85
PID 860 wrote to memory of 4252	860	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://file.io/HuMrGB3LqMyH
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8dd11cc40,0x7ff8dd11cc4c,0x7ff8dd11cc58
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4756,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4912,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5092,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5156,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5432,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5532,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5648,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5780,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3836,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5956,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6268,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6444,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6536,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6548,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6888,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6928,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7076,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7320,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7352,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7492,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7656,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7768 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7812,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7956,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8184,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8388,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8408,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8552,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8540,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8936,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8948 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9156,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9528 /prefetch:8
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9236,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9700 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=9556,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9720 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=10128,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9564 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6780,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9168 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=9508,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=10528,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10448 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10668,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10696 /prefetch:8
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10012,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10744 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10832,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10820 /prefetch:1
  2⤵
  PID:6232
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6468
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:7164
- - C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
    "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:7276
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:7448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=4552,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11164 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=4692,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=11308,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11320 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=11428,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11436 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=11472,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11576 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=11712,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=11720 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=11172,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=11604,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12048 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=12196,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12180 /prefetch:1
  2⤵
  PID:6620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=12572,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12200 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=5520,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=12956 /prefetch:1
  2⤵
  PID:7384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7884,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:7660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7048,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:7760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=14068,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14052 /prefetch:1
  2⤵
  PID:7924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=14096,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14000 /prefetch:1
  2⤵
  PID:7980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=14204,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14184 /prefetch:1
  2⤵
  PID:8036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=13968,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14084 /prefetch:1
  2⤵
  PID:8048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=14356,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=13812 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=14368,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14376 /prefetch:1
  2⤵
  PID:8152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=13980,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14756 /prefetch:1
  2⤵
  PID:7212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=14876,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14312 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=13932,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=14896 /prefetch:1
  2⤵
  PID:7300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=15168,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15184 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=14880,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15192 /prefetch:1
  2⤵
  PID:7352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=14908,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15484 /prefetch:1
  2⤵
  PID:7544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=15604,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15016 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=15580,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15704 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=15740,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15728 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=15576,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16176 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=16024,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15984 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=14616,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=15844 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=16300,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16552 /prefetch:1
  2⤵
  PID:7284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=16808,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16840 /prefetch:1
  2⤵
  PID:8312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=16824,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16984 /prefetch:1
  2⤵
  PID:8320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=17136,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16680 /prefetch:1
  2⤵
  PID:8416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=17256,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=17288 /prefetch:1
  2⤵
  PID:8476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=16040,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=16320 /prefetch:1
  2⤵
  PID:8492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=16812,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=17540 /prefetch:1
  2⤵
  PID:8584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=17556,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=17668 /prefetch:1
  2⤵
  PID:8592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=17960,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=17492 /prefetch:1
  2⤵
  PID:8692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=17396,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=18064 /prefetch:1
  2⤵
  PID:8700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=18356,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=18096 /prefetch:1
  2⤵
  PID:8804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=15880,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=17012 /prefetch:1
  2⤵
  PID:5980
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:9048
- C:\Users\Admin\Downloads\Client-built.exe
  "C:\Users\Admin\Downloads\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:8224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=4492,i,3925452722486807161,13963420286287216571,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=18456 /prefetch:1
  2⤵
  PID:8124

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6364f17f503c580cf50374544a3ae178

SHA1
cf21d392b37addbe65b15c6e76c954e4e2da7d45

SHA256
ee49042919b6a41f8f6d63802e13c636ffcc2f9c34bc5cf81e206e9535eaa2ff

SHA512
d24d75ee9e6b7201e0bfc26af2d78f512544ca2c70fb645f263e846a4477ea5bd35017fdd46bdd1a88ee4987eb12bf15cfe651c9d3b2a1b41a1c5af5edf9ee48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
1024KB

MD5
722a5c8e9a28cf3220825f4e555176a3

SHA1
c662f0371ee534a0e20b1b9e6a5f49e4609fb86d

SHA256
21b7757220221262068a3943e4c7ac09e690e65c40403f3a20af4f58d1e5cf81

SHA512
0a9cc0a324b3bbc7046be76103ea9c909d6bce6017cfb7c409344d7610b8d720be6e115775ff56b4ade6e304e69cdd944482d5f2511865dd30bd60afd0282291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
20KB

MD5
6408c37d09ecb7370b4d61ea51a15ad0

SHA1
8fa447851c7db6c2a4e20a13d769ed926daee5d5

SHA256
38c4bb35d2dc312b0e82bf8c5098495fd12d73029dedb6014c8f3ead635e641e

SHA512
5436d6204625fcc424989776d5ceb7fbbe286bd37bf077967289ce336ecea0e1db85f064d51d4a18877cd96be0d20557c682bbf2ccc6e34d6e096557aa357311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2257c6826dfa75acbf123df5a2f66c47

SHA1
c0ecc2cf5a3eda2b331823cdf3e18130eac950e1

SHA256
73d15970c2f9cc9ead7fdf357c42eadabdeaf009f8a0d9309dac8e5b2870531c

SHA512
b36ce81a2f83ae0f5da04c72258f525965fae7ca071a0c6110e72f749a13b460de81029d2302f9a26207f1aa0529e3bdcd4d8ad6f52c1bdef862300957e534da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
fc2c5e03ae40aa9d5603bfa61eafd39d

SHA1
95a020c36274a01ee931909c8471c3d5dcd952e3

SHA256
5a7e9a6c9b8a70fadeb323e9fe23434ef1a6fbf9cc060e140d1df01bcd6973ea

SHA512
ace9fbb8fb8897b50bedd4281760fa468897dfbbf1d1d34893d70045b9ce633a9b276966f6678f64b1b7fc38882c10e148ce2a6f3ed2e775ff03d84d87ed87d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
68189dd8ae281b7a0aa86a5cf61b5e5e

SHA1
08db140132f8c17186e0dd83f2fae25aef2141d8

SHA256
085fcdc240f8b7349536adc3265bd02406e29e9088950c914637fda0146c6dc7

SHA512
8f608e84fb4b2d61009bcd989ebbca50795d869f8172ac1ebb8a7ed115f2dc7c1545bedbf945ce1c8653b43616682a2f68520a254cdde70d56910259510e4dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e26ee8a55f5e170c4bc49d3befbaa2b1

SHA1
fb306e7bba6f352775947d5e1bfdf084fc8281c9

SHA256
4d07edcebd10b473e7577db7b1b74842368cd47a035463861f8e4fceae400cbb

SHA512
f06af2d854f1b12c7820e43b0bd04cf5831a0e59d58ca6332a7b4dc44af25fd1f30beea1a9e3e4d5123c9d71e50b6af5ea196f174d5cc6324af2a9194d897224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91db307722228c5069734951b3d45c6f

SHA1
02ef6c876ac47362f18360d4ec9ada1e90c9d863

SHA256
4de3eb195e75eaf04d2f16263347d775c86db680c54da1bfc804f47a1f160a6f

SHA512
da99e63e48f86ea969a64dce32c3d0634e4bb82ca37a6ab70964309ad2263d6d0beccaf2073d40ae1ca923d243201e96fd17241ad9b790629a9f0d1c5b570dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c54dc37d0d1913c9273dcb8413b0ed9

SHA1
3a6ca2841e7d082da3c30ce5272cc0d33b8cd1f4

SHA256
d640c82a36e63bcf8bb9aa5f2ad28114b85fa4b71098eba9789a2f7480f90f7c

SHA512
2c503616301e15bd49518e9a4fb3fcc6221d207ded147845f9039a733e4dbfe6e113f125dcabbb3ceb156f8ebbb32f9b6c91d4af817175ab4adab0e50d93e2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4364d390bd1d7dbd85ab4f42cb4d9bfb

SHA1
f07fb1c339808f9013eda65e299bac7f5910c012

SHA256
b8e5bfb3b0e4044a5ab13be1777bd010c8660b3c07cfa2126b561fbbdfe56d26

SHA512
0c3d309fbe435e8c668b0e5e7a4e390a9705c67bbd677b77f30dd0506cf83905786ffd6217228719008a5928c91dde0e86220b5427fb3de887fcf247c8887c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e2254f06b9325cdc79878baeadd64490

SHA1
92272e56f038960a86208e503b7ec3fa9894078d

SHA256
aa23d05a809fa70f4b5d61c64131983249d52c094c49c42ddad8cc3d39c69360

SHA512
639e6763bff0184ced2519269bbc2059c98f55bc9fa33ac7354de928febaf7329a2df546b1e9a556886e3e850742d73b59f82a06a20692c31e64ce1d47fef4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
d15878de95d43977544727038facfe58

SHA1
b2e9e0d92ebe46e2350be8f617aef534822c9ebd

SHA256
99a1376b43a1b63aa351e995ffa46145e96d31c00d710b5556a880d24bb6d621

SHA512
324251c2debf72227030993f1a4e385d92cfc48fc76ddec6a7dbbf64019887799b1823e5edea45203f11ed034a3d2575eb39225ca911119d1c2c666c9b8b673b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 161025.crdownload

Filesize
3.1MB

MD5
d71135778da69d426f583782f6e2cdb9

SHA1
1287a30fbd56ab4bec324b7f5df4c90d1ecfd578

SHA256
3d74489a32a1d08ac726a5503607d70a699c989e486280abe29a4a6003092065

SHA512
c9c6511f62190282f0ed474542456029ad661d61d2fa02538ca4b72dea4cb7e87e232da33cf71ff609b7e42a05fad86413aef42f64e3e240b33faa9dde728dd4

Download Submit
memory/6468-294-0x00007FF8CA550000-0x00007FF8CB011000-memory.dmp

Filesize
10.8MB

Download
memory/6468-281-0x00007FF8CA550000-0x00007FF8CB011000-memory.dmp

Filesize
10.8MB

Download
memory/6468-277-0x00000000000B0000-0x00000000003D4000-memory.dmp

Filesize
3.1MB

Download
memory/6468-276-0x00007FF8CA553000-0x00007FF8CA555000-memory.dmp

Filesize
8KB

Download
memory/7276-306-0x000000001C010000-0x000000001C0C2000-memory.dmp

Filesize
712KB

Download
memory/7276-305-0x000000001BF00000-0x000000001BF50000-memory.dmp

Filesize
320KB

Download