asyncrat | 0bcc2c4d42966857ff5c047308049fe1a7a2b8bf393957fa07c85623488ce50f

Analysis

max time kernel
81s
max time network
82s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
30-09-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wil25.exe
Size

47KB
MD5

21e648cfae4d4cf760a1a415c712df22
SHA1

71f75e83f9512dfdc4ec5d77d57a8b87a877d3e9
SHA256

0bcc2c4d42966857ff5c047308049fe1a7a2b8bf393957fa07c85623488ce50f
SHA512

d484ecd05225b09a4def89d72943f463ea760ba0615fcea5b87db485f9586cba958ac7cc734fb224e4bd3168080e73533843b76258789074619bde619443e743
SSDEEP

768:BCT3ILNCKi+DiP8l5MBN/QisVY8YbPgw7qm7dfqvEgK/JrZVc6KN:BCYmUMiYzb4DginkJrZVclN

Score

10^/10

asyncrat discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

myhostnamejuly.kozow.com:4503

Mutex

5yubtrvtybve5_qwqdanchun

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722038810765041"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1596 chrome.exe
1596 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

chrome.exe

pid	process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1596 wrote to memory of 4516	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4516	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4864	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4956	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4956	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe
PID 1596 wrote to memory of 4880	1596	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\wil25.exe
"C:\Users\Admin\AppData\Local\Temp\wil25.exe"
1⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffaad88cc40,0x7ffaad88cc4c,0x7ffaad88cc58
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3092,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4420 /prefetch:1
2⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:8
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4936,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4568 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4668,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:1
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3444,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3480 /prefetch:1
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4956,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3796 /prefetch:1
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3100,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5296,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:5052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5212,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4260 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5156,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4580,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5808,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:4524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5996,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6004 /prefetch:8
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6140,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5964 /prefetch:8
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5972,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5760,i,13078749723445774102,10124010331548026109,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b57e3265aef8299b85ed0b2ae67a9c82

SHA1
190a214c89b3b85e31b29c34179c2a2ae9b83469

SHA256
7b0e1130bc68b1c2e33ef8a7171a0d21ea848b94663343b5da53099cb6d4c79e

SHA512
746ed4c60d57bd6d3f0719e004631ec4c08c4b55e5410acf3a27689d8cbb9db2211bee2196f2a2d94852b7a065de6b2a178435c3717eda51a758db3a747acc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e9cbf5474bbfd99836b0a7c01e4a60b

SHA1
cb419b33ac59ab7fc80a9e874d606d522edf1fd9

SHA256
18f6ac5fcaa1b4247ab8cab266d6764cf2fc11c9b87a0b63740ba04655fd5e20

SHA512
9ac648d46b439d503606bf8dd0bde9e77f7a98c9d7c4e0886e001cf3fdeb23ba9d5560a9311fb8c03f67277a7e51f89bf9ab4db9c9a3d3d1656b17e277e331bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
f73c7570217a51e119edecf58575cb6c

SHA1
086ba13621acebd482a1b2790692588f4ca77479

SHA256
cd685f6b0fc05323811ea94c304b768618903707de797bffb2a65785ecb61fdc

SHA512
1889df4e6a89c025dc36d246f2f8821fc0d5c1ae704ca5854c89e3d45aa8d1730d73aee8665d49d82f741a257935818ded05e78794bc9019f160ed06dd035688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5bce6baa5ad77d149f767df4b0ca326a

SHA1
bb2f844afee73769428b2ac7fd84e9aa9d6a7634

SHA256
760fb211a9533a217eb0e963aa009bab56c5230a241046ab281df4cba1aad735

SHA512
7d5c2b421f8f4c10bd3fd64a2a8fc2bf03b79094ec01fda2a82ebfded186910c9b56201c37b14b57843318506bd57ba192f13b0841dd1ed12964bdec9adf67ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
378f169530a5bfeec70fbdeac1568118

SHA1
3019839a7a6b5349781b4c65da748edc4c85242d

SHA256
9d7d93663b0a0e8b40b86eed7fed95a767b109deb6fc678220d3c1b743304909

SHA512
2eb2a71975cc3fe6337e2787dae2d0124c7d14dd13ad9dde8320535da5799a15cdce5e4fe58e3875e2bfb32f10fa4a7bcf97d4998feb206581790a93dca957c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fe18b7e9b117db01808419f8b3fffa1b

SHA1
99b2999588f184f4eb735113711159820a6e84fd

SHA256
016c3d712ce17c3f0f8f74b92af264bf188f29de7eb26339df51fad6e74f0ee8

SHA512
e9054f10d6e6b45a67578b588d8b74d4adc7752206f097c3efc9619e83698b0ad502ec31413a9ddafc3b7be3e24d81854e7aa11782f501b843538b8b7bb18274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
77761ad8e4780f16735f0ae0384868bb

SHA1
f84c99d5e78f430a93b34678f0f52b3cf0b899cb

SHA256
8dea3c0f7d61cb576efc1c995a378d3cdb8c3ff76ce6b7c81f5cf4b75338fb5d

SHA512
36e72e3841fe10b791bb3c218512b1f72036ef3f97d4ecd59ea9669f994c19d1474246b42dcbda32300673f8c5a42d3d8d05c52e2b9024c5b0ae78b5b33bc9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3120a305be0f77f608dc6c25198f0490

SHA1
b6406d4784d91baa88cd4434e2f55120d5580f68

SHA256
dc551b9c766a86bf1f20883c47791391f25eb67dec518390c3ce9742927845b0

SHA512
18e5a5f960cfc30909aaafcfcb4d19a90b54cee63cb13f8d4eefaa2a70e45327018394036a2c5f791c99d787e8181e8d22b826e70c7ad9a557f24c169a7792ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7109aa81b5030022edcdc9cae16dbbd2

SHA1
1025de10db9611a152b4e97e81a39def3319e98d

SHA256
8bc963287fb1b508c6fd021e10bc8c3798f4c60cac0b259af0c063c1019c2c1a

SHA512
f3cbddcbc4846ccbf7cefd5f176a63120612c29c1fb169be84d7b840cf9c45bf34d45623c3b98e598e994ecba5b7ee0f525cd65c96b16a13329908934d1e0de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e3d9d6856629b21f825eee0ea3ffe40

SHA1
9476d5b0f8ae28ac153e3d2673e459f755dc5c8f

SHA256
472cf80850d0d313408be7e5f4132fb00fd85e828c2f678de18a089e6cd2ac0f

SHA512
b1e22f74e4dc8d2d21b637d7eef3c0f33cd6a4d8796e90000540ba8b54f9d4ca97f5e283cfe1bfd0a805b9abb55983060c7e5706b739822df2ff542252e6822e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8354eed9944d28fa86afcad00ea1632b

SHA1
6aa7802fef2c2ecf80201a49ef2b6b8b3e1456ce

SHA256
3678ad339ffb214dea658b6a0f057feff7263c674ab72e5fc4ce68024b0be473

SHA512
4a298393f6d1e4d060eccc6d1682f9bce4c764e89e1ca6e1d2ba235013dcaa5f7127ea2c240f485a369f6c2dcc24210d6b6db1a78ad1796cf8305c1aac5d0032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b02846fd35fa1c3247dbc2795f42f8e5

SHA1
d47b472670405bdd3d0d266aeb61bacc40da41d5

SHA256
0a5b24bc839fbf32039e1973ab5480e0c90f7046f92bab0dba72446892fbf0f7

SHA512
bc8e251950c72c779292214d0cebeaefd60680264aa97e9f384882146a7f085a199a641deaa0706be8978d640f6333915615da064f15eeaa851df67ca047df8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
641e99351e255d8ce5162b9bdce68cfe

SHA1
c2395c3005227137bdd4b13ddc8b0352ce2a54e9

SHA256
c10edba29c7b135c2990eba7114b28952cee71a36eb34dc28b234148ae4079db

SHA512
e991a14a5eb174a513e4a12db41b0cc0ab2c43deff4850ca804ae551f4168d2a0a13db2047529c1ae1d26f0ad39451a346b4c30c8ecdd335290d55e60b774639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e57b59e83adf4ee49f5b632916b7afd4

SHA1
adb35fd4bfa9fc2db8f471383e423bf0953bea55

SHA256
8d269d599af00c548b95133bea0e971ab8068108529bf91ccafdc112a77e400f

SHA512
8a899e166c9634a6d669a35c6ed2ab6b89269697d5c9f34c9a4623afef2861f570bdedf1c62313c3c64025ab5d5b818fff2a88e7939db75bc60e2d7b35edc5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
111d8f9f6714061992e12fc13755ac06

SHA1
8f0624566f38a754af8bf852c21d7eecdc7d9694

SHA256
139ea9dfba579021162272d34d7193aedd3b3ab3b39907a31e96f0f15d665c30

SHA512
27cc8e699f2187638d33ba42f71b98ad4975e433e783004234caf73446912eb06336d9b370f67574e33417b0716787b0b96f792839ca901026aff03367085945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
275be1805c5b0bbc9f329e9a918cbc27

SHA1
ec9d93a3765ac8a54c5cc3cb1781f08d5762f5ae

SHA256
e0f68b1e759b23e8a25b1e56420c69d11683efb0e54c32187885f35aadc8d51f

SHA512
cc3aaac0a3f7a67c2a11d239c7243831aee9f0958988c238416197f40a210f5d201e1e689c6dea581eadc1d9c2685b34dff71afaf10dc3053f44431cf28453e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
328d21f859c4511e9701b528ce81e7ec

SHA1
8e1fe2407e7c28421253eff4bed183c66503bee3

SHA256
3e4f5a94ca4b5a75c59d1313ddbf54fd12841e9a63f1e452217d06eb2fa442ce

SHA512
48283c3048da5f041f16dfb71ed02e4b226c8911e56d64d288e412f99f32b0b6f04e9d656abd68628e09daf6d143f4a9d3f38660fd6bc1cbc4a98f61b3bf8a50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d6d16a45-5ed3-425c-9e3e-33e04e7c2b0c.tmp

Filesize
211KB

MD5
d8ea0231c8112f3bc78be18098a4e7ab

SHA1
b23fe904eaf3269db86d70659db3fb843fe97db2

SHA256
61db168e95dd47ca1980f287d664a6dd91649233bebe51a0b4946fb174f67fe7

SHA512
b7702c14ca6984d2d701410bc24ca654d7ac04d33587929135086701de9a1ce553c16829e04947d37660bd90f1a4658d26c3ffb4372b4a16431fb13b8d11be2a

Download Submit
\??\pipe\crashpad_1596_PXTMQKPJNGAKFBVR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4508-2-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

Filesize
10.8MB

Download
memory/4508-8-0x00007FFAA0650000-0x00007FFAA1112000-memory.dmp

Filesize
10.8MB

Download
memory/4508-0-0x00007FFAA0653000-0x00007FFAA0655000-memory.dmp

Filesize
8KB

Download
memory/4508-1-0x0000000000C70000-0x0000000000C82000-memory.dmp

Filesize
72KB

Download