Analysis

  • max time kernel
    114s
  • max time network
    117s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    30/10/2024, 01:03

General

  • Target

    OptiFine_1.19.4_HD_U_I4.jar

  • Size

    6.7MB

  • MD5

    2e58bf463ec7e9964fe381a5afc17da1

  • SHA1

    40a44c00d4f06ba82e97b8eb71aab3823f4e9d93

  • SHA256

    2c010bcae341cf1003c194a4b566a0cb0c8dff2443d2f9fbd9e7a2d9abc8af6a

  • SHA512

    94d0673370168322cc6ba5ae7bc9ad5d5c4246aa10f8929239dedc25639255c807c32ea248ee751c42aed9ca61cf37ab391d7d3a9ba57bc643e091c9ef4009d1

  • SSDEEP

    98304:+4T54pxq3gbAuFu0Lw6jEKuBj036dh1KyMH9vPMDNgPjDbHA:+4TCxq3gtFuiWKufdh1jA9H7LPg

Score
10/10

Malware Config

Signatures

  • AsyncRat

    AsyncRAT, written in C#, is designed to remotely monitor and control other computers.

  • Asyncrat family
  • Async RAT payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 37 IoCs
  • Suspicious behavior: EnumeratesProcesses 43 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\OptiFine_1.19.4_HD_U_I4.jar
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1168
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb0e360a-dfa5-4a18-9047-2b35629b71d4} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" gpu
        3⤵
        PID:2172
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83d16a43-1698-4565-b6aa-4000a19e3727} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" socket
        3⤵
        • Checks processor information in registry
        PID:4392
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3296 -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 3324 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dce586bf-5fc2-41cf-98f9-109d71b2627a} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:1932
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4208 -childID 2 -isForBrowser -prefsHandle 4172 -prefMapHandle 3328 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {579f03e1-ea22-45ad-8704-828f707e521c} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:616
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4752 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10b849dd-359d-4013-a0d6-ab65715a00c2} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" utility
        3⤵
        • Checks processor information in registry
        PID:4404
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -childID 3 -isForBrowser -prefsHandle 5060 -prefMapHandle 4212 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9197b50a-af15-4711-a3af-1d0232b9748e} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:4456
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4416 -childID 4 -isForBrowser -prefsHandle 4284 -prefMapHandle 4704 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c50ead-1b53-4e75-9b7d-21cdaa6c5975} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:3028
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7841f6ec-2d0b-4827-8e86-75dd351852e1} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:3444
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 6 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd175639-f44b-4f81-b9b5-cd3f58b97234} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:1656
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 7 -isForBrowser -prefsHandle 5556 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8c934bc-f17d-48fe-a0dc-b92af6c68d5c} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" tab
        3⤵
        PID:1128
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff9c277cc40,0x7ff9c277cc4c,0x7ff9c277cc58
      2⤵
      PID:2888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2032 /prefetch:2
      2⤵
      PID:828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2004 /prefetch:3
      2⤵
      PID:3564
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2304 /prefetch:8
      2⤵
      PID:1768
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3168 /prefetch:1
      2⤵
      PID:3720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3232 /prefetch:1
      2⤵
      PID:4760
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4572 /prefetch:1
      2⤵
      PID:2600
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4732 /prefetch:8
      2⤵
      PID:3508
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4888 /prefetch:8
      2⤵
      PID:2108
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5028 /prefetch:8
      2⤵
      PID:4696
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3868,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5128 /prefetch:8
      2⤵
      PID:2336
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4912 /prefetch:8
      2⤵
      PID:1488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5256,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4420 /prefetch:8
      2⤵
      PID:2540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4408,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5208 /prefetch:1
      2⤵
      PID:1300
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3544,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3456 /prefetch:1
      2⤵
      PID:1152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,6342236778712523589,13388836344386119513,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4920 /prefetch:8
      2⤵
      PID:4208
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:3232
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:1656
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2796
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap4287:74:7zEvent28778
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:4012
  • C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe
    "C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe"
    1⤵
    • Executes dropped EXE
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:1540
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    PID:4964
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /0
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2148

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  1888ecad9973d9e37377154360237bd5

                                                                  SHA1

                                                                  36d6b6b316b4a6d483f333cc0cdcfe4f39cc940d

                                                                  SHA256

                                                                  1cf056a4e0ac3f70a738c2fd16e431a3b1d94e16ae07ae21f284bc9040eb0159

                                                                  SHA512

                                                                  1bd4eb9c3fb5041e0f013a81845d60fdace461e387802a63664661743782d05e22cd49561b21c50c407dddf771067089ad03c4c451bfdc0e96a396727d758633

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\79598027-ce49-4c05-9183-1929cb93d3fe.tmp

                                                                  Filesize

                                                                  356B

                                                                  MD5

                                                                  abe9b6c5fad6710f3617974da6cfad1d

                                                                  SHA1

                                                                  df91d3ffa5e9763f4370057339f8d6381d4be6d3

                                                                  SHA256

                                                                  fd0be8534170087ab2a3fd51cf8803339681c98f6f008e2e8cc14a09b7280b3d

                                                                  SHA512

                                                                  29d58841b8c23706be7c3849a0c0c729325aa8d0ce1ddf251cdbbe28662da529e1126d7783a02fead08d610e838e0b038b86cdd2ebbdbdb4a997190950798250

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  445124bd13f5d7b39be8c58d8bc4cbb3

                                                                  SHA1

                                                                  9649e88c096cabb4b9eb60932a388274dc440000

                                                                  SHA256

                                                                  b2679d13cc677693487239dc9f9772054b0bfd9344fed143f428b5caf31329c3

                                                                  SHA512

                                                                  ba7fad05142ad731c45998746669060e480f9333ff4346f458289dba3fbbc286d5340205ce4765ab69085a52fbaecd1e58487b40c198f20a4a943aed4fd741d0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  6075775fd403ac220b777685c918246d

                                                                  SHA1

                                                                  ce876266d7e3478fbacea824c47cfb841cc9542a

                                                                  SHA256

                                                                  c249279cf13a4e825c943b30cb8b7c6e46a254b81e8c778d33947c76fa4d4ff0

                                                                  SHA512

                                                                  aab276829a8dc5db052323b3e636d9af06e2ab90f8e477ab1e3a87e9fe91c668d32ac9cc59ddec4b38a5aaf489ccc60fa21e36dbf6fb3f78b2c3c2aa902cd5f0

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  a6a2a4e9d4ec66561acd5e8f11ad1adc

                                                                  SHA1

                                                                  b20dbfb67e1d8a5c2a90ca84fc7e9a662a2900f9

                                                                  SHA256

                                                                  089ae8912e28c6952c6f3e9ce786aa6bd42cc4f94879c0614107455818d3b96e

                                                                  SHA512

                                                                  cce710ca7dd45e12bc23b74fcc7131e7571cbb4ec2596e61397ad6176fe5c6db9835d46a6d8aa29a44f59a82aadf8c9db723285af18f875d7e4b9b3991534523

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  18b039a46f31141eddb016a0c9fc3c31

                                                                  SHA1

                                                                  c79aada1c1f4d365cd2bdd1d6b67d67e90ebdf10

                                                                  SHA256

                                                                  9e05102f36f210558296b03a402bc102d81c4c23e02cd29a24cb1aa7ab9ab6c4

                                                                  SHA512

                                                                  ec2ba82fcfcb15541b38da41ccea9c5ac1eb69537d0befdfc0f619096bd53dbc1945df1049324e2a7512593e456b0a2a20d5a2e2beab587083c19a47b0de820e

                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                  Filesize

                                                                  9KB

                                                                  MD5

                                                                  41ad59dafa8b7031b87bb6c043d1bc8d

                                                                  SHA1

                                                                  4f6bd224869ac4044126f20759d003be3340f0b4

                                                                  SHA256

                                                                  2323b8e8762f682d39c8553911f669f521d77ae74ae403fcf2a2438b8cd199b5

                                                                  SHA512

                                                                  48d310ea1abfb25a4519209d09f41f075e9ebe8231ae822dbe4c3a360d2e009144ff368565518648a9b383b2a1ef8f06d71a8e9c9ec67c4daa005916e0cb3e29

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: b19746128963880dc452254d78189420
  SHA1: 5e3a6c4c6917084e980bcb309de9470507a95085
  SHA256: a1bb752e57f737499d7a0eec5b2348d05fc75a2f85a380b989075101c2a7ad79
  SHA512: 812fe4d1e6f47434459219e7a28a6cb83b9342ce3656d2c9dad2b3ed91c766cc8f10b5c5dda73f3a6245b5707bec1c29499f2be94cf553badaf0161843414dc8

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: c86b571be39beed36c7d16aa3e481356
  SHA1: 8cdc2d59a7b092958adf560b935e8011c49a831a
  SHA256: a597ff08eee45e259ef60dd0a4dde547216ef5b06d5c15b8750881f34a240db4
  SHA512: 1f5c8b5a924c61c5e486b5d4fac89d641b9a3ae0e173c9aa89f65cb80e361b42ad12e21158ff6bd296873eb7e3e77fdc93f3fdce2512ca757f66286c55527e15

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 82ceea0a2bd8515f840a672c033bc15a
  SHA1: de43e972867a399029a485de14762cee135b69ec
  SHA256: 3de251f3c60424aeb471624655237ed1271387f929754e6672cc633797f261fd
  SHA512: fd8b0ce8cd59f32a98986c53418176e40c2df82757b5dfbc35c22132cb398d96ba7aa30d8a77dc759ef87548b2eec8d37952b5faa671a89b862deb8dece12bcd

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: f8f61d0cf3c1064e2d89b78da0a18ab7
  SHA1: 4d18834457c1539a968db2966eed69f84504293d
  SHA256: d0ebecb478f9296018253b36a731c2e45ccd0fe152f3bf81cab2ccf42bc17c5b
  SHA512: 5ee33dce8f9ff3851f90092645872e1438d48762a3794c54a20bca2d02aeec849e7d948b47eb629710041ad4a9d6d427e688daa37d57c1a2c4bdaaefd91255b7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 10KB
  MD5: 2b10134e509dbe1fdf2af344c6a8e8c6
  SHA1: cdd253a2d6d7e1b59e86661ee90c23be6ec2af00
  SHA256: cfd6b199f2a2d777c1c6274283e726c506c8a5121dcde2148a1236d03ecc0628
  SHA512: 968ee3e1d49fae23427923fec7c4ce6bbcb272ce6b4dcb351ac38187c69a96c059f08d6ee583c4e43950a3045f95b47820858e7407bbf9fab5d9e8bfc6ba343d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 15KB
  MD5: 11163fa172f24fa5ed8d95a4e5b35d62
  SHA1: 980afbf90ef42e6737bbe8af36f3aae433817934
  SHA256: 9511493d0108489d499300e21d50a966d33038adc1200e8495820eefeea962b4
  SHA512: 2645d580dee543c5683a12e8afc9a5f7ebe003df638ec83b43aabff3333213aaff7cb2690393a7ead0ebc86d37e286ef046a7fb564c03f1055084eef563940f5

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 234KB
  MD5: f35e72484e8d887a62cc5f33caff7807
  SHA1: d9eca1cd53ea93f413baedde24a335557710cb6d
  SHA256: 8c2cb9ae94d081a93fe5709584f08464822104ae117cc4c96edccd473f9a18b1
  SHA512: 85b98e1c8a52e09b7d426a930a3660fde63857406bd1eb3dba5ed45e2e10e850aead22bc1c1ac5388bd2311def5d091c93d585f38c038b493068cec48031d3a4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 234KB
  MD5: 353f3346c472c9b156665584cb4a895a
  SHA1: 231a556c47219ae59ca32179c00be6c93be679ac
  SHA256: 6d2830413ef05d8ab55e495defa4f489aec6e64ed8871afa48075359c4a10566
  SHA512: 8fc43732b2ad1eb129d6a5197bdee4a988fcfb87eb2d256bf1f0fb78adc01ba88028fa42ee69d3c224370fa325acabd46e7cca074e94920bb106b27ceb4df42f

• C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json.tmp
  Filesize: 22KB
  MD5: e2f10990f5c762bf4fe33afdcae903af
  SHA1: b6434d0a6d6f5a622eec497c52c4a6e9d522868c
  SHA256: 0632189326d1daeeb31661b06dc35c6de1d9e101c03401d2d41444eabf3caf98
  SHA512: 077ac75166ceb3c1f615135360ce459b6ea828fc931b9d04332a4dbc441c5f35a718354fda26d070ad38cc0b8a6c3fce00ab32fd818d036e6459a4cadaf702a6

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 23KB
  MD5: 7bb73566b39bfa7f18627594fddd7d5a
  SHA1: 96f8a478edcf581d8301544690f3eaf7edca8ba0
  SHA256: 6e04c2104694de2589aefa9ee84461787dd272e513dfb3246b04dbcd42b2e780
  SHA512: 55c0b61127fb0bcf7a5fe9b33bfd64b9fd890898f86641d3d2311f2ba32634c2e5fb24f423fb2fca044d20f3d628e7ad87827daada1586af4d842b72d4350abc

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 20KB
  MD5: f77e94e2219e592be4ab77c53be2b3cc
  SHA1: ad78b9b8646dddc46b4d6abd8f8dc9b01b5bd5ff
  SHA256: 183193e6099f90d0365f8bdffc5f6119d6fd464dd2b51131279be4344d8d2549
  SHA512: 921cd7999c160d3865ec88765762a2d270b6b39623d5b1ce6bccc6937c89da61655241e22d40c2e3cacf006a067af3d5d8370a6949557c73ecafae87d8fd1e27

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
  Filesize: 23KB
  MD5: 4cd3dce47348189f81769fce798223cb
  SHA1: 911375c5bca0771126bd7a2a2f66fc6b7b2061a9
  SHA256: 04858b01cb640e168e2e93e27203e4731e6b2e2fffd9160ddbcdcec6bb216ff8
  SHA512: 9768d503b7f46c983a53e2843cc1840db0e12f0670c78adb18798bc33c75519ceeec0070f4e89f05b0ffabc636093cdb9f34c769e919b47ab595f21db0bedc5f

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\2a967363-9402-4e31-97b5-6910481101c5
  Filesize: 982B
  MD5: 41e8c06cb46ebc0c2e832fc0c5e6d7c3
  SHA1: b403f253e9dbf183b472e828466b0273f93e2b63
  SHA256: 1209ce2bc064d7bcb1e46d24b3ac193e61b060871d62f86b8b3f4924dfbfcf0f
  SHA512: a25091286aa2ab99c20bd316d3df68ead0e64d0affbbe9593b00e220b7b04a86da66beea946c321a82bdcc6dbbc76151e227d9c289327b7b470c9e540c92d6b3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\9255ec5c-8995-42a3-983a-53df088931dc
  Filesize: 659B
  MD5: 23b8f8c369d170efc5ff9a07ae2d33a3
  SHA1: 88a75456779cdcfbd9a10a37787b139ff1599e49
  SHA256: bdde917f1206e3804488ca8bf7039b429918cc6bfa1eb1ea3577485d6e5c1289
  SHA512: 97405dfcd9ec000f66dd7bd6d4d94c54727054c9413eead90195df34373457c8482f76b35214f60ff2f7b4286a4042155e7efe932d5decdd8208333f58347be4

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
  Filesize: 10KB
  MD5: ea890468f15790a0c2ada6987673ca66
  SHA1: 6c572191ba61f5cfaa6832de381e7aace33a5733
  SHA256: d1cdcae6e74d62c204a215cb92b383934e509a058a5676a382e0113bdf9e72ee
  SHA512: 4eef4f6cda821b6ff6f0c06082dccac0a8b01ebbfe9834c6262ea602865bf43189d6ba8c9694046b3fb826f947c99e666a8c246fdc1cbb236136d12387555cf7

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js
  Filesize: 11KB
  MD5: 844c42c1c9efb8e019d803bfa0857bf6
  SHA1: 22c475cc2e115e6b196d4480d5e91f9d290e78a1
  SHA256: 711e6f11932fba7007ce999cd885a924f2d55cdce79309b20d6812bf9af132ee
  SHA512: 0a2080e1befc4c7562c3fbd746a36e1de443a598aa509cd2b4365af9f6836d9aae03440ad8b8fa093ea66392fe53832cf7a5614147015e225f5d0d5190828140

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json.tmp
  Filesize: 288B
  MD5: 948a7403e323297c6bb8a5c791b42866
  SHA1: 88a555717e8a4a33eccfb7d47a2a4aa31038f9c0
  SHA256: 2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
  SHA512: 17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

• C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe
  Filesize: 6.4MB
  MD5: 97a429c4b6a2cb95ece0ddb24c3c2152
  SHA1: 6fcc26793dd474c0c7113b3360ff29240d9a9020
  SHA256: 06899071233d61009a64c726a4523aa13d81c2517a0486cc99ac5931837008e5
  SHA512: 524a63f39e472bd052a258a313ff4f2005041b31f11da4774d3d97f72773f3edb40df316fa9cc2a0f51ea5d8ac404cfdd486bab6718bae60f0d860e98e533f89

• C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe.config
  Filesize: 5KB
  MD5: cb1f2dcfeb5cbb5af8efa7ea40b8e908
  SHA1: ceb040761554040cac2fc7ca18623498d3bfc7ce
  SHA256: 58f956abe9d717683f4a1cfa6f70e256c80461315a8d47b6456116b3d3075372
  SHA512: f0d805bb7983a111b7083e08d5e53c30dd78a0a5fa2baa2af6c5d3395475a3399fd085d151cc8cce312c7eb3e11ac7c2cc78c49ff8a9bfba4b6ad6585caeaeea

• C:\Users\Admin\Desktop\AsyncRAT\Plugins\RemoteDesktop.dll
  Filesize: 390KB
  MD5: cd4a9e669264419eca4de564e6272fe0
  SHA1: bb69bb1542ea06395df74dbedc98866d6c8a36cb
  SHA256: 56fd699258a7186f709068c283cd725797bab392e3a6f1cd28f35bbdb3e98e38
  SHA512: 5addb4f97c7e1cb69e5167e670bd2c3a817e0415f1fd8a5158af7e03e4340a8b1a6d803e85c9ea56415b9e7d3dcb4c352775a6a6b4770443d72114396ffaa1e5

• C:\Users\Admin\Desktop\AsyncRAT\ServerCertificate.p12
  Filesize: 4KB
  MD5: 75b9bdf0578161d20c8e411433076e58
  SHA1: edd5ae05a2b9438d141dea75975cd02486a824b9
  SHA256: 66411f3364a1a1dd46e8891160e46cb7640253c29c25f5afac708f86fa816168
  SHA512: 59d7735155e547af847adb321acc94fba0cc87e65eacdf572e7f1687c033bc371833fe20dd3b507d78f225ac526e942f2147426633915dbde273a4568d9e6478

• C:\Users\Admin\Desktop\AsyncRAT\Stub\Stub.exe
  Filesize: 38KB
  MD5: f76702fa423ce2b2b4b0fdcf547b0789
  SHA1: ea408a4419e8a3139ef14df987608964c12d3190
  SHA256: 0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e
  SHA512: 03c7d8814687bb4f11ac41a555f368d89d5be749c92624073b77da0e57d872df201f2657b180ad0c9d5bc9ffa0a85989bf31374c7e5deefa06cf36bce3697971

• C:\Users\Admin\Downloads\COMPILED.zip.crdownload
  Filesize: 6.9MB
  MD5: 30b1961a9b56972841a3806e716531d7
  SHA1: 63c6880d936a60fefc43a51715036c93265a4ae5
  SHA256: 0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c
  SHA512: 9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0

• memory/1168-18-0x00000117E7590000-0x00000117E7591000-memory.dmp
  Filesize: 4KB

• memory/1168-25-0x00000117E75B0000-0x00000117E7820000-memory.dmp
  Filesize: 2.4MB

• memory/1168-2-0x00000117E75B0000-0x00000117E7820000-memory.dmp
  Filesize: 2.4MB

• memory/1540-671-0x0000010CC92B0000-0x0000010CC92C2000-memory.dmp
  Filesize: 72KB

• memory/1540-707-0x0000010CCBB80000-0x0000010CCBCA6000-memory.dmp
  Filesize: 1.1MB

• memory/1540-672-0x0000010CCA490000-0x0000010CCA710000-memory.dmp
  Filesize: 2.5MB

• memory/1540-670-0x0000010CC7200000-0x0000010CC720A000-memory.dmp
  Filesize: 40KB

• memory/1540-669-0x0000010CC61C0000-0x0000010CC6412000-memory.dmp
  Filesize: 2.3MB

• memory/1540-667-0x0000010CAB590000-0x0000010CABBFA000-memory.dmp
  Filesize: 6.4MB

• memory/2148-739-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-738-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-746-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-750-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-747-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-749-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-748-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-745-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-744-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB

• memory/2148-740-0x000002456F540000-0x000002456F541000-memory.dmp
  Filesize: 4KB
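The listing above pairs every dropped file with its size and four digests, and names each memory dump as memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp, so a dump's region size can be recovered from its address range (the 6.4MB dump memory/1540-667 spans 0x66A000 bytes, which agrees with the listed size once rounding is allowed for). The Python below is an added example, not code from the sandbox or from the original report: it parses this layout into IoC records, cross-checks a dump's address range against its reported size, and hashes a directory tree against the SHA256 values. REPORT_SNIPPET is a constructed excerpt of three entries copied from this page; sweep() and demo_sweep() are hypothetical triage helpers, and the file demo_sweep() plants is constructed test data.

```python
"""Parse a sandbox 'dropped files' listing into IoCs and sweep a directory tree.

Added example, not code from the sandbox or the original report: REPORT_SNIPPET is a
constructed excerpt of entries on this page; sweep() and demo_sweep() are hypothetical
triage helpers. A field label may also sit on its own line with the value on the next."""
import hashlib, os, re, tempfile
from dataclasses import dataclass, field

REPORT_SNIPPET = r"""
• C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe
  Filesize: 6.4MB
  MD5: 97a429c4b6a2cb95ece0ddb24c3c2152
  SHA256: 06899071233d61009a64c726a4523aa13d81c2517a0486cc99ac5931837008e5
• C:\Users\Admin\Desktop\AsyncRAT\Stub\Stub.exe
  Filesize: 38KB
  SHA256: 0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e
• memory/1540-667-0x0000010CAB590000-0x0000010CABBFA000-memory.dmp
  Filesize: 6.4MB
"""
FIELD_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*:?\s*(\S*)$")
MEMORY_RE = re.compile(r"memory/(\d+)-\d+-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)(B|KB|MB|GB)$")
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

@dataclass
class Artifact:
    path: str                # sandbox path, or memory/<pid>-... for a dump
    size_text: str = ""      # the report's rounded size, e.g. "6.4MB"
    hashes: dict = field(default_factory=dict)   # algorithm -> lowercase hex digest

def parse_listing(text):
    """Parse bullet entries carrying Filesize/MD5/SHA1/SHA256/SHA512 fields."""
    artifacts, i = [], 0
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    while i < len(lines):
        line, m = lines[i], FIELD_RE.match(lines[i])
        if line.startswith("•"):
            artifacts.append(Artifact(path=line.lstrip("• ")))
        elif m and artifacts:
            value = m.group(2)
            if not value and i + 1 < len(lines):   # label alone: value is on the next line
                i += 1
                value = lines[i]
            if m.group(1) == "Filesize":
                artifacts[-1].size_text = value
            else:
                artifacts[-1].hashes[m.group(1).lower()] = value.lower()
        i += 1
    return artifacts

def size_to_bytes(size_text):
    """Byte count from the report's rounded notation ('982B', '38KB', '6.4MB')."""
    m = SIZE_RE.match(size_text)
    if not m:
        raise ValueError("unrecognised size: %r" % size_text)
    return int(float(m.group(1)) * UNITS[m.group(2)])

def memory_region(a):
    """(pid, size from the address range, reported size) for a dump entry, else None."""
    m = MEMORY_RE.fullmatch(a.path)
    if not m:
        return None
    region = int(m.group(3), 16) - int(m.group(2), 16)
    return int(m.group(1)), region, size_to_bytes(a.size_text)

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def sweep(root, artifacts):
    """Hash every file under root; return (host path, report path) for SHA256 matches."""
    wanted = {a.hashes["sha256"]: a.path for a in artifacts if "sha256" in a.hashes}
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                digest = sha256_of(full)
            except OSError:          # unreadable file: skip it rather than abort the sweep
                continue
            if digest in wanted:
                hits.append((full, wanted[digest]))
    return hits

def demo_sweep():
    """Plant a constructed file, add its hash as an IoC, and confirm sweep() finds it."""
    root = tempfile.mkdtemp()
    planted = os.path.join(root, "planted.bin")
    with open(planted, "wb") as f:
        f.write(b"constructed sample standing in for a dropped binary")
    fake = Artifact(path=r"C:\constructed\planted.bin", hashes={"sha256": sha256_of(planted)})
    return sweep(root, parse_listing(REPORT_SNIPPET) + [fake])

if __name__ == "__main__":
    for a in parse_listing(REPORT_SNIPPET):
        print(a.path, a.size_text, a.hashes.get("sha256"), memory_region(a))
    print("sweep hits:", demo_sweep())
```

Run it as a script to print the parsed records and the demo sweep, or feed the whole listing to parse_listing() and point sweep() at a real profile or Desktop tree to check a host against it. Matching is done on SHA256 rather than the MD5 or SHA1 columns: both of those are collision-prone and are worth keeping only so the records can be cross-referenced with feeds that still index by them. For a dump entry, memory_region() lets you confirm that the reported size and the address range describe the same region before you rely on either when carving the dump.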