Analysis Overview
Threat Level: Known bad
The file https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/download/v0.5.8/COMPILED.zip was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Async RAT payload
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Enumerates physical storage devices
Program crash
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported: 2024-06-21 18:42
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-21 18:42
Reported: 2024-06-21 18:48
Platform: win10v2004-20240508-en
Max time kernel: 349s
Max time network: 346s
Command Line
Signatures
AsyncRat
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\RAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | pastebin.com | N/A | N/A |
| N/A | pastebin.com | N/A | N/A |
Drops file in System32 directory
(The perf*.dat files below are written by lodctr /r, which Fixer.bat runs to rebuild the performance-counter registry data; see the process list. They are a side effect of the bundled Fixer.bat, not a payload drop by the RAT client.)
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\perfc007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh007.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc010.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh011.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh009.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00A.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfc00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh00C.dat | C:\Windows\system32\lodctr.exe | N/A |
| File created | C:\Windows\system32\perfh010.dat | C:\Windows\system32\lodctr.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634691328130872" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 = 8400310000000000d5586b951100444f574e4c4f7e3100006c0009000400efbea8582761d5586b952e00000080e10100000001000000000000000000420000000000d9cd280144006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 = 5a00310000000000d558769510004173796e635241540000420009000400efbed5586b95d55877952e000000f2350200000007000000000000000000000000000000d24b84004100730079006e006300520041005400000018000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5000310000000000a858a86d100041646d696e003c0009000400efbea8582761d55860952e00000078e101000000010000000000000000000000000000000fbf4d00410064006d0069006e00000014000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 7800310000000000a85827611100557365727300640009000400efbe874f7748d55860952e000000c70500000000010000000000000000003a0000000000eff5be0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 00000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 = 5a00310000000000d5586b951000434f4d50494c45440000420009000400efbed5586b95d5586b952e000000f1350200000007000000000000000000000000000000d9cd280143004f004d00500049004c0045004400000018000000 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\NodeSlot = "5" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{6E1542BE-2CE4-4E43-BD03-64DBECEF95AE} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\MRUListEx = ffffffff | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\RAT.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/download/v0.5.8/COMPILED.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4196,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3888,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3520,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5464,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5492,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --field-trial-handle=5304,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5964,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6616,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6740,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3532,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4712,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2f8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5064,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\COMPILED\" -ad -an -ai#7zMap16889:78:7zEvent22590
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe"
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6232,i,6593821857742176458,13646536021844995125,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "RAT" /tr '"C:\Users\Admin\AppData\Roaming\RAT.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpEC3B.tmp.bat""
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "RAT" /tr '"C:\Users\Admin\AppData\Roaming\RAT.exe"'
C:\Users\Admin\AppData\Roaming\RAT.exe
"C:\Users\Admin\AppData\Roaming\RAT.exe"
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff8a5a9ceb8,0x7ff8a5a9cec4,0x7ff8a5a9ced0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2684,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4416,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4052,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4048,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:8
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe"
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4552,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Fixer.bat" "
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Fixer.bat"
C:\Windows\system32\lodctr.exe
lodctr /r
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe"
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtAddPFX C:\Users\Admin\Downloads\COMPILED\AsyncRAT\ServerCertificate.p12
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3852,i,9811130411687161049,2877204376044296817,262144 --variations-seed-version --mojo-platform-channel-handle=3972 /prefetch:8
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2812 -ip 2812
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 780
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe"
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe"
Network
Files
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe.config
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\ServerCertificate.p12
C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_rlcfuditezizgbmskmstccdixoxy2jyu\0.5.8.0\user.config
C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_rlcfuditezizgbmskmstccdixoxy2jyu\0.5.8.0\uwauklhv.newcfg
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient.exe
C:\Users\Admin\AppData\Local\Temp\tmpEC3B.tmp.bat
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AsyncClient.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
\??\pipe\crashpad_2888_LYAJXSGDLYQOXKMV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1181767204-2009306918-3718769404-1000\70c8050e67127bbdd8744af45d4d969f_d2547453-e731-4fdf-8f92-95f955a44aca
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncClient2.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Fixer.bat
C:\Windows\System32\perfh011.dat
C:\Windows\System32\perfh010.dat
C:\Windows\System32\perfc010.dat
C:\Windows\System32\perfh00C.dat
C:\Windows\System32\perfc007.dat
C:\Windows\System32\perfc00C.dat
C:\Windows\System32\perfh00A.dat
C:\Windows\System32\perfc00A.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh007.dat
C:\Windows\System32\perfc011.dat
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AsyncClient2.exe.log