Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/N...

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    170s
  • max time network
    169s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    09-11-2024 12:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/tag/v0.5.8

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

Mutex

bMLd6U5QApOj

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/s14cUU5G

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Asyncrat family
    asyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 37 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/tag/v0.5.8
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x100,0x13c,0x7ffab75846f8,0x7ffab7584708,0x7ffab7584718
      2⤵
        PID:4496
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        2⤵
          PID:1512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3696
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:2468
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
            2⤵
              PID:1108
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
              2⤵
                PID:1756
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
                2⤵
                  PID:504
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  2⤵
                  • Drops file in Program Files directory
                  PID:2856
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x1ec,0x254,0x7ff7d60d5460,0x7ff7d60d5470,0x7ff7d60d5480
                    3⤵
                      PID:4528
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2000
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
                    2⤵
                      PID:4244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6320 /prefetch:8
                      2⤵
                        PID:4328
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,10004213437303688840,17989522847599842685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4704
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:1692
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4864
                        • C:\Windows\System32\rundll32.exe
                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                          1⤵
                            PID:5340
                          • C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe
                            "C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe"
                            1⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: GetForegroundWindowSpam
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of SetWindowsHookEx
                            PID:5820
                          • C:\Windows\system32\wbem\WmiApSrv.exe
                            C:\Windows\system32\wbem\WmiApSrv.exe
                            1⤵
                              PID:1184
                            • C:\Users\Admin\Desktop\AsyncClient.exe
                              "C:\Users\Admin\Desktop\AsyncClient.exe"
                              1⤵
                              • Executes dropped EXE
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of AdjustPrivilegeToken
                              PID:2688

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              5d9c9a841c4d3c390d06a3cc8d508ae6

                              SHA1

                              052145bf6c75ab8d907fc83b33ef0af2173a313f

                              SHA256

                              915ea0e3e872d2b2e7d0e0ca30f282675139c787fec8043a6e92b9ef68b4f67d

                              SHA512

                              8243684857e1c359872b8e795a0e5f2ee56b0c0c1e1c7e5d264c2c28476e9830981bb95244f44c3b2ed334c3e1228f3d6245cce2f3d1f34cdbce8e2af55b4c85

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              e87625b4a77de67df5a963bf1f1b9f24

                              SHA1

                              727c79941debbd77b12d0a016164bae1dd3f127c

                              SHA256

                              07ecc7bd328990f44b189112a1a738861b0f4528097d4371e1ab0c46d8819f4e

                              SHA512

                              000d74220ba78628b727441c1b3f8813eec7fc97ff9aa6963eb2ab08d09525fa03935b32e86458c42e573b828a22b0b229af02b47eee511dc83de4ed3b5e726b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              48B

                              MD5

                              5d8677769ced186db51da6b9c1359e08

                              SHA1

                              cda6e9fdf7c101f35775b14f069dffa800bbe4d7

                              SHA256

                              d9e69012801cda6896004bbafb0cb7e1563b94c727afce69e901bb954fd1a0d8

                              SHA512

                              0276b9b1c44bbd6c8c9c88deeff1e3c0299d011bccf3d65847770b9c20ba4a8d82335193007d23f08b7760132733bb78e04b63ff599dc3ae87afc6872526d79d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              1KB

                              MD5

                              2c9f1f83de83adf67d55776cbda678c2

                              SHA1

                              6a675eeb806c2322104142e1aece8dfdcd00c605

                              SHA256

                              38d9e5ae28561866aaf8843a40cabd39b9605c0164b0e6fed99da1eaf6220bea

                              SHA512

                              6898fc1f211774ec2c2383bfb8390487dd82d1ff357534f09e938593df51780dc444f9fffe9185b439c69ee480907ad887d8fd7773e2e9989a67c2f40208a561

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                              Filesize

                              70KB

                              MD5

                              e5e3377341056643b0494b6842c0b544

                              SHA1

                              d53fd8e256ec9d5cef8ef5387872e544a2df9108

                              SHA256

                              e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                              SHA512

                              83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                              Filesize

                              264KB

                              MD5

                              f50f89a0a91564d0b8a211f8921aa7de

                              SHA1

                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                              SHA256

                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                              SHA512

                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              111B

                              MD5

                              285252a2f6327d41eab203dc2f402c67

                              SHA1

                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                              SHA256

                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                              SHA512

                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                              Filesize

                              496B

                              MD5

                              5022b10efc3c6d669ded7960cc594a19

                              SHA1

                              a79ad985b345f09f5f4f265ba1867800ab4d3be1

                              SHA256

                              a6c395932ed70d3a45247d91c6593b48d6d389a52aa806ad484aef62b63c8e53

                              SHA512

                              a496101a7c30b7205f91698eec23c53b52d80a24a2208f3184733b905fd34066163df9688e00856278fc536fd955bcb0d2c62f3561f28718e378a08754c53c00

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              d8cc7a7f507feae4914dc6528833448b

                              SHA1

                              26c8ee1a02ba0bf901f066d582b02d2ceb15d9e5

                              SHA256

                              d2dafad15ddc2abb9b46c462e8a4a1570a85b50f3b5a2adec903c3e2b995c749

                              SHA512

                              b394d2a115fa0296a6f29742f92c547bec529625269fe5d88593f487fe2a76ef5643ed7e84788f95c235c059ad5fbd253b19cbb80a9f74a5b253c37669bb001b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              0885c9989d9039b94d50b79e2ced224d

                              SHA1

                              15cdf587626f31168e75af705704ebc74371ecd0

                              SHA256

                              260e5b4a275269d53ed17a90c0e3481d2b7402ad2098d0940d6337d89f7e67af

                              SHA512

                              fe0444c3a458f9c971fd7c44c452cafae9d24af060d564be1a3eea22fd23e10f3b036f5d33bcfe82d343973b7971cf0c401a609b92001ed518c2c013e4175838

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              6KB

                              MD5

                              6689d4f9e2903ace8a9188917b8055bf

                              SHA1

                              4a30bd2b4df56a82e7a4446bd701821e1b96575a

                              SHA256

                              5dea5f87349cd1e71211c7368b17c90ed9d8637dec218511e25a17ac9430da49

                              SHA512

                              3535b22abd70880bd8822918067d5495737c791b6a5c93e2842a2866cda551d513ef368295a7ed2c999cae0fd35d9e965671665619c07a5c5fd1c6abb27e82b6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              137094a3453899bc0bc86df52edd9186

                              SHA1

                              66bc2c2b45b63826bb233156bab8ce31c593ba99

                              SHA256

                              72d823cac2d49660cdd20ebf4d3ac222c4dd15aae6e5ac4a64f993ef5c4fdd44

                              SHA512

                              f8f149c9eab06e8d7e1aa62145f0fc588dc36fc521ef4dceceb80a191b72d79586d920feb5f3b1d19595109cc6d608c143e32f521a4da1068c708a2538899ada

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              364592d2cc18adf665987584bf528cba

                              SHA1

                              d1225b2b8ee4038b0c42229833acc543deeab0f6

                              SHA256

                              bd97dd6797bb763681cfb1fc3cc21a44a273aab1d9a4f4f9332675c662d2136c

                              SHA512

                              0e852db825e451464cbcfda95eae2dfe780874bd20e7b467604962428007d1735ece752aa5901d468708a68d66d029271d5567b39c530d2d44b875abbff9aa40

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                              Filesize

                              874B

                              MD5

                              d740a95a82041ab49470b6f339d659be

                              SHA1

                              ea77e225aab9190281c8f69edde401ac55b60708

                              SHA256

                              370d2f38ef33fa094591a726a351002585d1c84c0675d3fe73931e3019e2f925

                              SHA512

                              20aa74053016d1c985ed5f20320f2f3d09f12136ad196b954423050690db0f5c1da0fc3800f957dc10f56fee046114f6b440a59e484ac42984af7876204390a9

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea02.TMP
                              Filesize

                              874B

                              MD5

                              fa2884f0d85784a04e1abcecf16ab6af

                              SHA1

                              eec65a72fc8061cd09d6fb87c841eadad273d73f

                              SHA256

                              a75c7e6f0a9b2c34e9543692f3b4423d00538ab8e75c8fc241e20d4f4117f3f9

                              SHA512

                              9667d85c35ddd3fe63eda4b02d7fea479189399c209a021ce7ec06d73d3bb689f96c10bc74a6a5a1feb695e9943ea1b81e3cd80669c749e4b70f47363a073a0d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                              Filesize

                              41B

                              MD5

                              5af87dfd673ba2115e2fcf5cfdb727ab

                              SHA1

                              d5b5bbf396dc291274584ef71f444f420b6056f1

                              SHA256

                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                              SHA512

                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              8KB

                              MD5

                              c86390fafe71fc35628682cdfa486e03

                              SHA1

                              9c70a80d77b3678296f27fad2c8435b3ee524306

                              SHA256

                              82252eb1241a072cce19dffdf07740ffc01e097216975ea9422e17910aaab5b7

                              SHA512

                              cfd8d2368e91c20cc14374abd5b5c9db8df19e5192647b9d477f96bdd0c20490919c940377cbad79d956ec7253a38df70b3c0226ea7cd3372a7b35fd4a2e04be

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              10KB

                              MD5

                              34a75c2ccf1ef35abcedf42c278e5288

                              SHA1

                              2dbacd7abf14e35b70ee961c2f6e02ad3786ea84

                              SHA256

                              aaefffbaf0fc1fedb83d6d6f1702fc1b5e836c1a1988f3992acc0a49a7347f36

                              SHA512

                              27a52ca51ca1ac745dc398edd0b5fe70db956c3ad67494640f5a79b6c1331609cb905a37893ca04a30272f61619bc4e816de6794640e8fa815418701489b1ea5

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_id0rl34oxreuuoxkuh1icsh0qae0uc4o\0.5.8.0\user.config
                              Filesize

                              319B

                              MD5

                              f71f55112253acc1ef2ecd0a61935970

                              SHA1

                              faa9d50656e386e460278d31b1d9247fdd947bb7

                              SHA256

                              d1ad588a08c8c0799d7a14509f1e0a7ae04c519102ed9d328a83fe65999e6179

                              SHA512

                              761b5c13e39bd4ae21d298084bbe747ae71c383fedf9a51fd5e9723a8b3b4547de459d82bac7f3f8f3bfc11cfb0528a4f1057b51996d7d046583109a53317b44

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_id0rl34oxreuuoxkuh1icsh0qae0uc4o\0.5.8.0\user.config
                              Filesize

                              565B

                              MD5

                              287e76ec13b95901841d07d404441acf

                              SHA1

                              374cd9ad10b90026fca70dbda863fdbac35a4aee

                              SHA256

                              ab182e8ea3e0e5f024f8ecc31ebcb8fec0dd731bf342e4243826eaa3a90e4b8f

                              SHA512

                              7ffeb222c8524a1551fd36625a0f4c435c34742fe3a5f7cd0734e8a1a853be6f3061f287831f5e8d5b9164371f10ccb84e82f9db6c7c4570a030d523723a5407

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              bae746ce86d893b424108f758d073723

                              SHA1

                              9ad5fa5f590cdec935f9657e5511aa9fb4dc407c

                              SHA256

                              38e0782eba61a66d1f739f4f15a25871665aefff0f2418de3e19108512b92dc3

                              SHA512

                              599e7ce67e3f4753b15618cffd1b7c04511944995935b543b06b91f44722cd0bc756b1f38d88fd6910b7e9613d2e47a26433002e9b93d3ef18528b06feb7339b

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              e40473a9be8e25a14310e9414dec8443

                              SHA1

                              64caef6fa7b8fadce47124f4721fe62d5f96d5ca

                              SHA256

                              5880ca3c609d901d88f2dfe486a31570058804037f12716266a898e0bca83226

                              SHA512

                              e56a3d051a94910ed264a59c30d7edc8b2c0bf0a64ff123854e9ddbc61003c469468a58a1e9262562220ea5b7d44befcd558ad00f473627b33dbb2120e2873dc

                              Download Submit

                            • C:\Users\Admin\Desktop\AsyncClient.exe
                              Filesize

                              47KB

                              MD5

                              d28eda402afa1c5312859bf83d57c06b

                              SHA1

                              fb5fefccdf5bfd7d8612e77e417e471aba8fa7bc

                              SHA256

                              8976ab043b9cb6cafa3a4e94b5d6016e89dd43e79e8a77f15acc581d2b8c53c7

                              SHA512

                              4574963d5037a74e820c86e19fe25a43dd019d7f83f9356aabfe39b4f1d71d15c464a615536bcaf7dfaa6cffec2e6690b6a3ad0df5c5f1e09adc629ed6ae6066

                              Download Submit

                            • C:\Users\Admin\Desktop\AsyncRAT\ServerCertificate.p12
                              Filesize

                              4KB

                              MD5

                              7621ad767562c6be0affad7cf7d2f809

                              SHA1

                              e8c275fc9de75a39b68e7d3a8d27ca6e68abce80

                              SHA256

                              787150c2c07bd80714fc9abdefb27ab19b5f6a8d0f1f6bc9447f03fda494b5bd

                              SHA512

                              9a483765cba391079227cfc0e8ede414d127e996c0709808ed5f373a23fd7c3beace29e7033b81f9b726ef99d5a57c0f5e204243d4ba8273c622a478014bc41e

                              Download Submit

                            • C:\Users\Admin\Downloads\Unconfirmed 220977.crdownload
                              Filesize

                              6.9MB

                              MD5

                              30b1961a9b56972841a3806e716531d7

                              SHA1

                              63c6880d936a60fefc43a51715036c93265a4ae5

                              SHA256

                              0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c

                              SHA512

                              9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0

                              Download Submit

                            • \??\pipe\LOCAL\crashpad_1636_YECHMIPPOHKWJNNN
                              MD5

                              d41d8cd98f00b204e9800998ecf8427e

                              SHA1

                              da39a3ee5e6b4b0d3255bfef95601890afd80709

                              SHA256

                              e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                              SHA512

                              cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                              Download Submit

                            • memory/2688-507-0x0000000000050000-0x0000000000062000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/5820-457-0x00000275765B0000-0x0000027576C1A000-memory.dmp

                              Filesize

                              6.4MB

                              Download

                            • memory/5820-459-0x0000027579250000-0x00000275794A2000-memory.dmp

                              Filesize

                              2.3MB

                              Download

                            • memory/5820-460-0x0000027579680000-0x000002757968A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/5820-461-0x0000027579640000-0x0000027579652000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/5820-462-0x000002757D380000-0x000002757D600000-memory.dmp

                              Filesize

                              2.5MB

                              Download

                            • memory/5820-472-0x000002757C9F0000-0x000002757CB16000-memory.dmp

                              Filesize

                              1.1MB

                              Download