asyncrat | hxxps://github[.]com/NYAN-x-CAT/AsyncRAT-C-Sharp

Analysis

max time kernel
432s
max time network
430s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25-11-2024 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp

Score

10^/10

asyncrat default discovery rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

Mutex

SGO2s3dmEB0s

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Async RAT payload 3 IoCs

rat

resource	yara_rule
behavioral1/files/0x00280000000452c2-441.dat	family_asyncrat
behavioral1/files/0x002a0000000452cf-741.dat	family_asyncrat
behavioral1/files/0x00280000000452d7-742.dat	family_asyncrat

Executes dropped EXE 3 IoCs

pid	Process
5936	AsyncRAT.exe
4744	NoObfuscator.exe
5468	ObfuscatorOn.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
38	camo.githubusercontent.com
39	camo.githubusercontent.com
35	camo.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\7ec0e8bc-ff8b-4860-bfe3-18b3cc178e3e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241125011807.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoObfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ObfuscatorOn.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AsyncRAT.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AsyncRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "6"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\MRUListEx = 00000000ffffffff	AsyncRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AsyncRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AsyncRAT.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	AsyncRAT.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\1\0	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AsyncRAT.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	AsyncRAT.exe
Key created	\REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4744	NoObfuscator.exe
4744	NoObfuscator.exe
4744	NoObfuscator.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
3300	msedge.exe
3300	msedge.exe
2932	msedge.exe
2932	msedge.exe
4768	identity_helper.exe
4768	identity_helper.exe
4700	msedge.exe
4700	msedge.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
5200	msedge.exe
5200	msedge.exe
6064	msedge.exe
6064	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
5936	AsyncRAT.exe
5200	msedge.exe
6064	msedge.exe
4408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	5408	7zG.exe
Token: 35	5408	7zG.exe
Token: SeSecurityPrivilege	5408	7zG.exe
Token: SeSecurityPrivilege	5408	7zG.exe
Token: SeDebugPrivilege	4744	NoObfuscator.exe
Token: SeDebugPrivilege	5936	AsyncRAT.exe
Token: SeDebugPrivilege	5468	ObfuscatorOn.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5408	7zG.exe
5936	AsyncRAT.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5936	AsyncRAT.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe
2932	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5936	AsyncRAT.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
5200	msedge.exe
6064	msedge.exe
6064	msedge.exe
6064	msedge.exe
6064	msedge.exe
6064	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4744	NoObfuscator.exe
4744	NoObfuscator.exe
4744	NoObfuscator.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1860	2932	msedge.exe	80
PID 2932 wrote to memory of 1860	2932	msedge.exe	80
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3384	2932	msedge.exe	81
PID 2932 wrote to memory of 3300	2932	msedge.exe	82
PID 2932 wrote to memory of 3300	2932	msedge.exe	82
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83
PID 2932 wrote to memory of 3852	2932	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x100,0x7fff576746f8,0x7fff57674708,0x7fff57674718
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ff61e545460,0x7ff61e545470,0x7ff61e545480
    3⤵
    PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7004 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5471298987681933053,3475434535029957773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3628

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap22806:74:7zEvent1743
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5408

C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe
"C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5936

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:1996

C:\Users\Admin\Desktop\NoObfuscator.exe
"C:\Users\Admin\Desktop\NoObfuscator.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Users\Admin\Desktop\ObfuscatorOn.exe
"C:\Users\Admin\Desktop\ObfuscatorOn.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a134f1844e0964bb17172c44ded4030f

SHA1
853de9d2c79d58138933a0b8cf76738e4b951d7e

SHA256
50f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589

SHA512
c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78bc0ec5146f28b496567487b9233baf

SHA1
4b1794d6cbe18501a7745d9559aa91d0cb2a19c1

SHA256
f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109

SHA512
0561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
25KB

MD5
e29b448723134a2db688bf1a3bf70b37

SHA1
3c8eba27ac947808101fa09bfe83723f2ab8d6b0

SHA256
349cc041df29f65fd7ffe2944a8872f66b62653bbfbd1f38ce8e6b7947f99a69

SHA512
4ce801111cb1144cfd903a94fb9630354bf91a5d46bbbe46e820c98949f57d96ec243b655f2edeb252a4ec6a80167be106d71a4b56b402be264c13cc208f3e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
ca01e35d6e09bc48d8099467abe7073c

SHA1
050c0f2b0042ae9b2e99ea942af5cd85025dd600

SHA256
a2fb707740a96424494e09a5124fcbb17226c0036d904706520d0c2a5768a048

SHA512
a5935e6ee6e28c41c4f388240520993d3627af34f4d44dd5edd1faa0992777a00677d6c7d48755aabffb4fa0290dfd0726a8ec25ab280432e7556ffce6654240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82ffd56c009e423001c29c4ee448038e

SHA1
89cd0aaf2353c9eacbb9afba936386d9f66d3fcb

SHA256
49e3bb943ea1226ed59fa4c78132a63e14c7047f441d3c798fc2fb812f8f9523

SHA512
c2d96de97fbffb068469231484e2a02726a98d063f16076f0331c4466c3f6d80fa8b1fb6a50166ac00d483d5e7f68a466047a215f717e33591c2a5e08d8e31a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d622cefcce435371490679152a7d2cfd

SHA1
37b38bfa5302761d98ed3f8cc20226b66acdfafa

SHA256
e26c7da3b6cd22cf31a9973f0402578882c6c01fb0b20490d2e08024445e9028

SHA512
01d8259b7f81ea4f574a3117ff54aa42c077d33c58be2cb8548e4bf7af846d6242ae6f023d65f6c801dec00ab83c6a092083e6f4145e80e78c089fcfd631639f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
caefb34cdb0f4568eb6ab4fbca527b3c

SHA1
09ff7569c42f097eab5434e2dd325942d1d9aff9

SHA256
d2df7f431a4f9bcafce0c6aeb4b2fa567827104e79353f606480895b21f67e2e

SHA512
10f983bf29f64b4c334f8fb90fcce1f52fbf31ae1a94e563ec1f9cb0e3c4c6ba679fbf64764828099df0c59a3eb016658fc14746ab6765328ef64fb975f63329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bc499180560ccdca07588423f27e1b3e

SHA1
2e749abeb7610d81da273e5b5c26c9f648abb389

SHA256
ef01c6f07507083a04c3d168af62f01aae66a7ea4040afda00fee1b3cec803b0

SHA512
41bed3e4972c531291d018cd71124e48c68bc94dc77808e26a9ef3251b984816383b7d9bc486c1beacb3bed058d6a7aa56f9b6f5aa74c98b7aa7c8b4e3faab48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1f6c03f9831df4c89c125abd21798cab

SHA1
97cd94d2624c77b0a70120d1f2287af21ad6b52b

SHA256
83500f8f8e2477ac26887573697622326fce3e5e65b1dd5a14c67ef82a46acc9

SHA512
32ac43a8e6b97786ea2ec0008edb916f00d3f59ea1202eff764aa0f20201d06db5e72bd66685188e88124c552efc1df1b0f92f9d4d31d3eb43a4d5d11e04d2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9a5ae1986e98fe22cb73079baab90624

SHA1
d6c6e80feb57db27355d5366d2463d15f55f7101

SHA256
c21993475c7edee802e87041c5f86cac8b6dda81237931508576419128e0a3b6

SHA512
4b2eacea1a9e3b613a7fd24cab95c2eb4927b6e9b0725896a3b43ab3d073c94fc11e60dc41d20125b25d86f6e3c698d071b625caf9aa0a636c807e359e7bcccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
580B

MD5
b2be0b91d96be56fdbb89506060fa0a1

SHA1
74c768352c4a3684fd9f28e3efe3efc578fedf7c

SHA256
996f6d2e255c465fe859c5cf6ca28e722cbd6e33449020e54df2029c7922f145

SHA512
0296104048192a9c41b3c251a2d2af02edc6dee1644e6ef489eb97c67f7cf8e51f5eba468f1038a972e50f5e11f04edb7d3f3f7f2f6265d7f70254036ff995ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5d492096aa0e46fbd1df8b3daadae2cd

SHA1
77f4bbb10a30613e79007f3757c76cd3bc74a276

SHA256
2639a25e78d9699a9dcd6c68fb457919f8a54cfbd50cdabb5e36a453b6f27646

SHA512
48aba819bb3a297e73a2418fd9802f00ffe85669cb07275d7f68a2d8d93536246f8e5a3bee425e2ab85d7154738ae43f162fb8fdf433e1d44ad726ac4b93340c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4871407489c2b6f88d13b377c4e9e951

SHA1
1b3a9f69a8033d05a2781425904879856a4b7f94

SHA256
a1bc873f15c3dc339a500eb0cca8e4037eb3f2effc57eb91f69474f205e7632d

SHA512
9d1e683addf92f1a6c3b40eff5a1464d5a72061b4c40632177ba1b6d6956125aaf18abe2bae66ee6cfb94b7e2ab559072fdacfbb8c736e2c9216dd970c8af76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a864b082df6fb8ca26f0f1454a75ef92

SHA1
66eee94103be89a24278516fb6fb0c99238170af

SHA256
b8777b8370e7205fc3a582053dcd1d5a0da7a262c9ca83407480b941de4d045e

SHA512
98b2af4cd1076814ff22aaccb6d3907c6567e11da1161bf7d72e781248d69a669774cba224f2ab2aab5a3a67d286b0898b2848dfcfddab6e02daa4824b48fded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
410f938f36b50b13ce0741e8600698c5

SHA1
3049f88c2a60795139151502e85ab6712d26ff95

SHA256
763e90b6f1c3f636f139bcfa4470445774a92b0e8a124b6c109037b35acccbd5

SHA512
3af7c2b224c2e95c5e70f793b2a9ce11559cad7699c300e361207919334e1b7c712b1b9ae22323192f3307af0392e317d6a69d9de3e0aae1db0a3a388a432dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7a78ce9df5900bcb352906ecc368cadd

SHA1
987aaa395a3e6c164d64713b78c964fa361a61ab

SHA256
4d32cce52693396e90b28c81f1d5c0e002ea3157559b77e4bb4d68317fe5f905

SHA512
9361ef80c01261b6ebcd4170985597ca7b4a75278d4bff8d12fdb9a824183d21ad0e2b5cf0d92e12382cc3b595d8cf3321283e05e09e30a02710720f840697c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3401aa88fd68ccc67fdd1ded7f3f9ed2

SHA1
66a0d693583e5884f7413f53938177c7c854e8a4

SHA256
4f95099b190cd9e2a9ccee01589b62c7a88d10f8a7b30084bb557af000c890d0

SHA512
9995ea8effef8d48512f491606d998038016e48fc78a1fec242e69fa0abd19cbe3d2b6fff15158a5e452a6d6ddbde2396fbbdb0b9aafc29c6903300db1d97952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e2cf76f4b39eab661601a9b861ba98f

SHA1
8c339224d27c79b69558213ec6c252caf944ab96

SHA256
9795558a4787f67245390ef3ca838c18540028a5545fbaa5b49875d0753c5ac1

SHA512
23ceb1732cd3af9cf3a7ce13e335ea7532e7d0760a35b68a4b2211d9b93a184dd4459ab5ca2b42d840516114c33fdb6e28b08613dadeedcafb6e0412cc258bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
626d125b1b1df4d3bf97e38b6309464e

SHA1
9bf40ff79d7261bbb5275fc506d940d55d326e99

SHA256
900f11b8dbf79d9b7c796a41a88595a35e4e2eda1100767956afeb97f59f194c

SHA512
a877baac7dd9b6e16b9b5e54b3d27e5339ed8e55f149be0c0774fee41cd024d43f9d5391e4042fb75d2f7c1351ec43f06befe5eb290dad2092aa3c14f1135768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9883c7e4b0c74b7130a8f5f09150303b

SHA1
5a8e96c614f939646d507e4f4fdee361199e06d6

SHA256
1988326069c93dbf8a8241eec5e3e0b32936a04e57d5b0f64754635801cf6e57

SHA512
ed9ca82fae499db913c579ad6e53c4f25d3f1dcbcca2f45cdec1a725f58d7558f37d5e1b9c055174c7a89010bfe10ed20d882026f87bf3d4e3e2b90a21b8fb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7500d77ec061cb9f4dfe35daecfc1e68

SHA1
0b1812a4c62424c441e7eab37f7492a2a11daf64

SHA256
de6f5b7eef8cc3785b5662573c93be132f8557f0ee5006d5b1661e7d30b500d0

SHA512
15a0dc1c8310b31012968195e5bd6a0b6161490b36c21209abc05bc1ebeb5cc297653540b29f2d52b57f56e15ea01cd45f0d35f08a4532112ab9c84f278b4ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
27e967b95bd6506f483ad7b1d7bbd8d4

SHA1
349a4d7e0d2a49dadc28671be9f75053687fb3a2

SHA256
d7509fbe62f96293013f96f28cb4bee89f4c87e60f1d9af90325a6e4108f9652

SHA512
b9f7ff4f492fbcce2d0fc17bc2509dcd9688c3640626d3e109dfcfc49115e61e94326f2a3d96ae077f623fe49cfff303d1b82ed7c873dc7b5bf7bb69c0d5dc83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5765b06e45298ae02dd97a8127c5bb09

SHA1
7c6f95a7c4db48bfceef3467af90c23c73fa0a47

SHA256
f57f40d27cdc20f58269ffc9989ad8c048678edf627e9931ee76891cf96856ea

SHA512
2e12bbe482a3e9051871107272045caa4521eb1b5b4b0b65f63490eda09e77b52157186032eff0ba2b8f9282b04f8fed06d0870aaf534cb2b5b5d6408ccdd686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f54285f5bc90e5874275edf398583de5

SHA1
036b3c4667e12b7079bab58667bd5bd7253e5229

SHA256
1efd4026e4991a618b032898f66bf5c0eb9a62f264c29bdca14eb2f167103758

SHA512
bc628b36926a5ce3b566fa1411168a259e8aa7534a1dec6d161c5d7b94e0d876f054acc2212541e84a013b7baaf70e22b6c089a48adddddabc3f766c7b015ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e3cd41f814d57b696779c9fc249ae8e2

SHA1
f3a6e74e528d16a34cb5314f49347265de4264dc

SHA256
8b08d218009de4a0fa5a7db20973e06b55b91e349df0d4ba4ebaf09d01099e2d

SHA512
170bdcf696282095cf27b94fc70b91522a0c4af9b942ceae396974fc939360d9f39284d5a564aa2caa2765055dd15d6409ccf4fdce37467e894f1032a2e48059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9010fe212d7da97a4e9cf63a903ee7a4

SHA1
8f124a736d045eea3c50a9597d18c9af8b128e28

SHA256
c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834

SHA512
f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
21320325bdfc20c6f4e4d136228fc9c5

SHA1
7e96950811d7ddbc1daeb7341ddb9768980bf2b5

SHA256
5e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e

SHA512
ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7f542f6e0d8e24660e90a52914472f1b

SHA1
99b062a0e91e810679a059a1ff3c456a8e28e3a6

SHA256
c9fdc9b483d506f768c654856aa5f1711405b07cd9b03cfd442db8aabef01189

SHA512
362843846ee79e498d0256db29f416521cf6cc7a901920e8946e3741e261772ed23e6edbb01118a671c88c6b2f85a48464780f611ad6de8117edd5907ea3981a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4102e2732be5dbde70162b75b74a5fb0

SHA1
277b2634319b4989d798c0aa9200f49360034616

SHA256
cdbe5dd80456eb4826beec629dbcf25c5cc433fd776cda4bcf2351c8b82abcd7

SHA512
d10f4f5a445fef9b70a58c9be3eb48784a54182f9d288f3c80b5b1b199fd26dd819cd3af150d64e3fb3693d81a18bd1e08c0ffee587659d2b723d30e98944cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f4a7.TMP

Filesize
48B

MD5
3570fa1a3530493583198d79d11feae3

SHA1
a0c913f82c7d9958edc7a1a3814e3c4ed6ac3b39

SHA256
53dfcd2f9017c89ad2e92e2947443e25ebd5178f7cb2dce466378bcee57aa325

SHA512
9400f5e8dccd6b9acb4e4362115c24913645eaab3ffd5d47658aec5e6a8f1b8f007b91caef9347d0a8c05bafb3100d73ae80f8303fa95c8aab6dee52322c3bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6a4dd5110184af0551637eb988565ba2

SHA1
86435c12808efe438d769587685671f2fb9ca310

SHA256
2b8eec0b9983b48e6aade2a698f0e1e668ce8452da937e8b5ae1d240a61eb721

SHA512
c2c1001112d2a1ef5a0bd7b429ac5a3df261903eb8b3a55377d4b9ea03fd24c125f0136e4083a0ca02a7da419bd30a8ae38508a0e0ab446228f168dd6806e86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
659785e8fb73c156e22224f7e135ed63

SHA1
13044e6990bd201106b9828f53ad6a7fac24bc73

SHA256
24cf211a3cb42a3a9a0f761ac553e0ee244063eb6b23ae3ae7734c291ac49091

SHA512
e371a2c1fbef6fca49c6f05d2c8c8898cacdbed0c3c443e5f65abf2498e79da96bab6277471448a04fc4f79dfecefa9e964783024e4be8ba144e39693b8e98dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75f13e0793f4514721cccfa36a146dd2

SHA1
73bd8966b9be5fa11f4166df73db3c08e1b6554a

SHA256
c102709f519dfaaa9554ff5d5b96654bde74621c2db4f4a064790fa37778f02f

SHA512
cafaeb23c7577d72d13d5d4d3aa83563b258eb6104db8389af531b943af4967859f3c4d254918c904fecc1379ae9a18259aafc9f5d33725a1a2c53d50398e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f7e8dc247449f5d36101c31d37c19179

SHA1
4675e3d02dfc5cb41f699b1cbfb6eb900bca0215

SHA256
63499b5f9de1a88b55be01eb37b24fb3da45bd6611162a1e93885e1ba85149f6

SHA512
231086209f182163aafbb44f7425baf5e03fa63c600886c8e00fd2f4ef15f3cc65b5a0e918589dd04f880544cfc0c76ee4fad2e125f0d382777a03ef4727119c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ce7010291bf1392c560066121a548d23

SHA1
916fea41efb18904e6240f3a3896427377aa20f4

SHA256
928115d50034a92d52de32fc7ae0ce647fd450bdfe40ea755cd892577f7c8841

SHA512
4904d3f53f5b20dd390c3e63ff538b2df4939c112bd5547509186d40b8198f30b9b5920009121acd565008bfedf2d786635c4cfc78c00aed816d00f21bf9b4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5db27a9f02daca09c22c30625267e68f

SHA1
ed5374b4ff5a34f325881eaaade0712dbd63d2a5

SHA256
ed4af1a4c77f6645f92161d4016451423f1fd2928d18ca3cf6aeae1c1d013e0a

SHA512
10e6435adc247ea47f0bd3a9cd588006d9c3c42a3bcaecc8b7e3cc0cc4bdf6a183f4075f2a3353cf4f90fdf1df6662e99f8bbb0451b716a961d561787096e47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581354.TMP

Filesize
1KB

MD5
82628c6e70320c5f161d9e272da87dc7

SHA1
bb02b30b8596fc32e0999a3f26430dff186cd3c8

SHA256
165211d31eb7ef495d0334fd45537740e6bdc0402f86eca111c8b79c41e77af4

SHA512
8b50cdcaaa6274b47056bc7515387933ca7c6098991ca6caa19c20ce75b728a9e7b40a0c468458268639210f88da160208084af92b4f2e7b586f21c76088749d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb9daf662364016db939ee1e865f60d4

SHA1
d770075123e9fbc17cf55b7d4263fba9d02c8331

SHA256
94e5d4cc4640b65b291b355d9a0f5f5016613f7e06fc88ee661ca7ea43f282d9

SHA512
fe1fa9917f79e2784540ab77b57d0eb9db88fe9582970b185e8046ad5e219fa598bdaa4de897bcb7649e020fc540ecc2a3fe89575d16befb02bdbe311e319080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
449f03761892cb063695324fd2112953

SHA1
276d2711ec1d36f9b11a207b60a4c18e8eba9d0e

SHA256
81598546ed7312d2fbb624aa8a4fa59ec2e7910bccca16d4eb7399f5aa8cec0f

SHA512
f83a740629badd2d7e3a72520840db3cafca8b85cef03974c1b8c56ce20a31840d61388cc44334c0a06e7a4fee6cbeee8fba7c2223aea63b5bda7efa71993bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
278aab32d9282772a8b8b752f3ef1d94

SHA1
7694e189d2df153f0b0e003535af2267062ab1f4

SHA256
60d863ff734f2f6a62bbb94fece2396caad6e7ae2a559973825c2109be088e2c

SHA512
794adb13dd28061f8ef23efbc7724a48181eaeca27201f31134e0c5259205e109e59922c5bd68613e1617681d84bc024a9cc17cbf1d9738c4f79141b9b22add4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a74a673af41a4969aaa824f15912bbc

SHA1
6045a7d579847d7740be6cdc68b30fc29183a32e

SHA256
a77d83d2a311dc561c9319dc1773e5749c70fd9624c81b7ec9c48c31279e3f87

SHA512
67803cc1c378e165d9b9bee4f01705796d1c84ef3b7835c5a96a4b0466b6bbc03eb9608f651b6d5bd9d6f9a1a7a6720edb3b11f356cabc050a3e969d284283b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
49f2c461b7e41dd4f0e5e68eaa0e7965

SHA1
fd3e314820fd0b30e2a0a9630a143f0939453dfe

SHA256
1b7d990d5b67134386e344edf500e597120ab309765380765a36ef197c15df4f

SHA512
77fb7b8c5aa0d444689fcad2c53e7796f6ab1f0fda081fd2418ac049da199e7fba2b8a2a862a178318cd5f133a642c6f58c1bba7d4ed2804a8386ba6e80ab8ca

Download Submit
C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_id0rl34oxreuuoxkuh1icsh0qae0uc4o\0.5.8.0\user.config

Filesize
319B

MD5
f71f55112253acc1ef2ecd0a61935970

SHA1
faa9d50656e386e460278d31b1d9247fdd947bb7

SHA256
d1ad588a08c8c0799d7a14509f1e0a7ae04c519102ed9d328a83fe65999e6179

SHA512
761b5c13e39bd4ae21d298084bbe747ae71c383fedf9a51fd5e9723a8b3b4547de459d82bac7f3f8f3bfc11cfb0528a4f1057b51996d7d046583109a53317b44

Download Submit
C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_id0rl34oxreuuoxkuh1icsh0qae0uc4o\0.5.8.0\user.config

Filesize
439B

MD5
8521aa3937baad8a2a7b5cc5235ff8aa

SHA1
7eb5786b9963c386a8f0e9666c4ad54378401fc6

SHA256
8f64e2ad952c408bc8e12dcc0b0bf16d8778fd6aaa779ee2639ea42e94efdd67

SHA512
bd607e8d3b63e41afa351b9e41b61436f037f306b2be41397cff8b260747a5ba199e6deaefcb39f9f42c88256fcb51f624549756e66e0de34de32bf9d93fccf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0cb0a9de4ec12887aa2ccc0bb3a50929

SHA1
a99a6ca86e56e6f7a5dfa39fc4337cc1d8a9c3ed

SHA256
f1ea3016dddc92dbd3e61fd07b60a5f7c10976f9c4cf052a7ed3ed5fba6d5714

SHA512
9cf3b83e52c5f234a50d45a9b16300c61b8b45046dd22dee61edcf89239603164541f78bdb69dd329f0406a700ea4fd55951049cdecfc36ce6c38b1d6ae4a5c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
003452d3bb7c4f14af5797283d738600

SHA1
f6fada3d7ce7c2256f3710197ae2f3790257cf0c

SHA256
04082818335662c7002158d20f4d6d59684c60df8f461cb6915699cb9e9ac857

SHA512
6ae7e37cfd2231345103310d0c44109638704daf0ede5af9894019d76b78a25b8319b21acd92153f6dbf7fe6b43533c7ff45f98dbfcf3b45d49eb06927ebbd50

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe

Filesize
6.4MB

MD5
97a429c4b6a2cb95ece0ddb24c3c2152

SHA1
6fcc26793dd474c0c7113b3360ff29240d9a9020

SHA256
06899071233d61009a64c726a4523aa13d81c2517a0486cc99ac5931837008e5

SHA512
524a63f39e472bd052a258a313ff4f2005041b31f11da4774d3d97f72773f3edb40df316fa9cc2a0f51ea5d8ac404cfdd486bab6718bae60f0d860e98e533f89

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\AsyncRAT.exe.config

Filesize
5KB

MD5
cb1f2dcfeb5cbb5af8efa7ea40b8e908

SHA1
ceb040761554040cac2fc7ca18623498d3bfc7ce

SHA256
58f956abe9d717683f4a1cfa6f70e256c80461315a8d47b6456116b3d3075372

SHA512
f0d805bb7983a111b7083e08d5e53c30dd78a0a5fa2baa2af6c5d3395475a3399fd085d151cc8cce312c7eb3e11ac7c2cc78c49ff8a9bfba4b6ad6585caeaeea

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\ClientsFolder\Keylogger\Keylogger_11-25-2024 01;24;17.txt

Filesize
95B

MD5
216ba8726ac2299331c7cd39138097bb

SHA1
f0c7ab9cf3032680282b740886d62921194c9b00

SHA256
fe8b1134f76ac094d988baf2b0c6da46652a7c8a42a99d67470b14aede1ea778

SHA512
1a0f4118af43c1e33ec81cb02be98c166517571562687b49bb129fe5ea77681e1016a55c274d697631b316082805157d34573e7dda8a89ab3f2243efcb8a736b

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\Chat.dll

Filesize
367KB

MD5
b230da150aa974d2a0801cef654cbe05

SHA1
ab28e63c165ebd7d43d6d0eed4de2750743b9b27

SHA256
37d41c7042210845593ddd7e5a5e37a37f6605305264d50a30aa2be1686000f6

SHA512
2d81546548b6ed2e799eaaf4766ac9a811344d9f57726bed7270e289234f7b917df07deff9d1f6e93b9f4d186daefcbfd2d0181b12406a0b5b81e3bdffa65aaf

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\Extra.dll

Filesize
375KB

MD5
3bbcb7c7967c714f767d751db17ed1d0

SHA1
ea15b176c5c7073bfa3bb58ebe9280b032414fbc

SHA256
7dd3978e7721f4460d639d17c47fe1307917dbacfb858d0d12e403105cd47089

SHA512
c20bf3b9b4051b050b6efebbe3c6ea54e520d68172f4ef7bbab961169c4479e9c77b39719e0139edd6ff4c4366b355579226f49aa979331ac8ab8c69bf3a165f

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\FileManager.dll

Filesize
392KB

MD5
9caa1fa3b3b7824167610d309446223d

SHA1
093fa014488ea1ddacf083c398fb8b2d07b8a0e0

SHA256
9d1b94035f381b5183e82a317f001725674c8ea1c5cd82ab5af408f7f53ca19d

SHA512
feba121ed3ccdef26b0c78874c5247cbb223b2992649fed6bbc088bfe952cf86de1145d84666048ad37b0f2c6a9dcd4da95cf972ec790b43deeb1c22322d17e1

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\FileSearcher.dll

Filesize
433KB

MD5
4e1922ee8333847507a34823ed695131

SHA1
5df1f96b0a0a43eadeb101c54864a85cf51e9521

SHA256
a6bdd625fa1d9a7ee66e4ca09ced0b3dca8afd2ad92ecaf44fd9a879b57cb198

SHA512
e4f2bc24f7d44e19580d561599b563ef2d011cffbd64851c867b03aab22e650da55150b6bc9c02389acffe546efdcc17da72204fef4e6e49a53e27be1a290f0a

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\LimeLogger.dll

Filesize
368KB

MD5
732839c93b7e0ab6796cb1c4544eda66

SHA1
2dc3d39d74a5b72e6320596f92bcfc15edda3915

SHA256
cd5cdf0eade067fb0d97881258e4e29d88386cc9ec7a6ea315d159d284858857

SHA512
faa264925d636fa743d0448ce97c0b26ed7974b48c2fbf66000993119749d721bc27cf2626c3eaac3b1374abc0d16cca9e8222c4da054d1aeb56b34505fbeec6

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\Miscellaneous.dll

Filesize
560KB

MD5
07ba8685ca3faff186f0d9f5400c1117

SHA1
a673a7b55e4cf168856a7d3564a5521f0f8fc4e5

SHA256
783d9d5334aa40f35acf8ff941a6b5bed908fd94dc14a05712b8a9eb9220cd5b

SHA512
358c85a586d8b590497ea180eae76608ef38a4de09b95e907632bbad8f2c522bec4ea5568017ea1120a1553abb2be730006613872fe053b1fc00a36d005ab096

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\Options.dll

Filesize
378KB

MD5
a1b5048e3f10f7105bd47244b2930137

SHA1
a12cbae3ec815ce704fafb0e2eadb9f31ccbb6f3

SHA256
8dc80b8bf9b3123289e132270e74a31176deec4f74e6ac20d7b6a9fcdb89e8a1

SHA512
fcae7c456f71e03afe2e67954fc3c9491978a54825436c51b351c47adb6cd8a1ef15e0e6f6d99094b986ff910e21a287a7de9e4ca2818221aa858152a8c6dfe9

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\ProcessManager.dll

Filesize
361KB

MD5
fced22a0c1edad786a59703842fd3b14

SHA1
dceabc613c694f7f2f6439ea176988fb373d6a29

SHA256
3ad861ad9bc3edfdd486c060879f4f2450a51757c67f3b514f71381057580218

SHA512
8904c36c364d29244c598895e877d7897547ce2a187adb197ba281a0512ca3ff52464c478fc42a2ec7f614dd0f91dea2dbb31f4af81c6c0f08cd23f79a71f57c

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\Recovery.dll

Filesize
600KB

MD5
d8793438a77750cea1b0d7eaad3d0d0d

SHA1
36bb36d6dabaa1285dbe7ba26581322630984c71

SHA256
7fd48ac68f182e0ced2ace00b223fa1d35bd8a20d75600b5400267cd5db5cc84

SHA512
68e00d97edf0ab768d40672d3b39dfcd09d8ff81b3e6abfdcfa8db88d66ae6070c8b6ad2c540538dd6f47da0174f9ab2d48cd7bef95d6021ffb844c71289822d

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\RemoteCamera.dll

Filesize
452KB

MD5
1b2c9164e625b600e699151de11d9e98

SHA1
2ce0aa3161c641623afd1acfa922fce5f10a709c

SHA256
87938027a63a867b831c86611dc6a2c1fc6af61526dc2269328af4b59e15b1e1

SHA512
aa0785b079059463a1df409380451c2be7c3bd627a199661627815f364689ed3816dc9cb78725fab510d687d6866186f3fbdb62b633554b9a0aa324730487729

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Plugins\RemoteDesktop.dll

Filesize
390KB

MD5
cd4a9e669264419eca4de564e6272fe0

SHA1
bb69bb1542ea06395df74dbedc98866d6c8a36cb

SHA256
56fd699258a7186f709068c283cd725797bab392e3a6f1cd28f35bbdb3e98e38

SHA512
5addb4f97c7e1cb69e5167e670bd2c3a817e0415f1fd8a5158af7e03e4340a8b1a6d803e85c9ea56415b9e7d3dcb4c352775a6a6b4770443d72114396ffaa1e5

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\ServerCertificate.p12

Filesize
4KB

MD5
10e7810fcb991cdcc9bf104e8b1931d6

SHA1
1207ce022c030c7d069f281091d12216bdddb384

SHA256
9f497fe5bcece7df4aee7bfef29db59ff613a6abb31f77012b79643d96096714

SHA512
ef3772a2a1c42d3f6b4c192ab9c35a73fb65362c3c0812db55591eac1209130e6a786aef84fde13821a48c863347084d47e1c34086020b80620bbecd4f2b3c68

Download Submit
C:\Users\Admin\Desktop\AsyncRAT\Stub\Stub.exe

Filesize
38KB

MD5
f76702fa423ce2b2b4b0fdcf547b0789

SHA1
ea408a4419e8a3139ef14df987608964c12d3190

SHA256
0e19cefba973323c234322452dfd04e318f14809375090b4f6ab39282f6ba07e

SHA512
03c7d8814687bb4f11ac41a555f368d89d5be749c92624073b77da0e57d872df201f2657b180ad0c9d5bc9ffa0a85989bf31374c7e5deefa06cf36bce3697971

Download Submit
C:\Users\Admin\Desktop\NoObfuscator.exe

Filesize
45KB

MD5
f1ce8ea75ee0f7ea2ffa05e94452f491

SHA1
23682abefa42d5a89723850a5d929420916b117a

SHA256
0851c1b44df4669f6c8e59254c6329c62fa59abb54dc971bf8516891186a5934

SHA512
7442b594a5bb0202fe6c0e2e8cfab395952e7dfa76c7d76ea934a1bfc55a36145319af239136b897f47f81ec4eab6ae255910717f70caa52942b36a5461f2704

Download Submit
C:\Users\Admin\Desktop\ObfuscatorOn.exe

Filesize
47KB

MD5
a1644ebe19d663ff8384504fee9600bb

SHA1
ee19eaed89e4fea656d183343d93bc9ab78ce6a2

SHA256
b3710cd1c95dc8b9e85a46c8a78b7da0d4b0405953a6990c2dc51a130ecdb359

SHA512
adf51728a101a33bdc88e977c649723c5cde572c2d145bb03be609eff9efb6b47249cf0b302e2236ef45c144fc3d2156e512d2c75fd6164adec33a43c7fe56ad

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 460346.crdownload

Filesize
6.9MB

MD5
30b1961a9b56972841a3806e716531d7

SHA1
63c6880d936a60fefc43a51715036c93265a4ae5

SHA256
0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c

SHA512
9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0

Download Submit
memory/4744-1422-0x0000000007AA0000-0x0000000007AE0000-memory.dmp

Filesize
256KB

Download
memory/4744-1423-0x0000000007430000-0x000000000743A000-memory.dmp

Filesize
40KB

Download
memory/4744-1204-0x0000000005C40000-0x0000000005CA6000-memory.dmp

Filesize
408KB

Download
memory/4744-1421-0x00000000060D0000-0x00000000060D8000-memory.dmp

Filesize
32KB

Download
memory/4744-1181-0x0000000000DA0000-0x0000000000DB2000-memory.dmp

Filesize
72KB

Download
memory/4744-1202-0x0000000005B30000-0x0000000005BCC000-memory.dmp

Filesize
624KB

Download
memory/4744-1420-0x00000000060C0000-0x00000000060C8000-memory.dmp

Filesize
32KB

Download
memory/4744-1256-0x0000000001510000-0x0000000001572000-memory.dmp

Filesize
392KB

Download
memory/4744-1257-0x0000000006EF0000-0x0000000006EFA000-memory.dmp

Filesize
40KB

Download
memory/4744-1419-0x0000000007A00000-0x0000000007A9C000-memory.dmp

Filesize
624KB

Download
memory/4744-1203-0x0000000006180000-0x0000000006726000-memory.dmp

Filesize
5.6MB

Download
memory/5468-1227-0x0000000006190000-0x00000000061AE000-memory.dmp

Filesize
120KB

Download
memory/5468-1228-0x0000000006540000-0x00000000065D2000-memory.dmp

Filesize
584KB

Download
memory/5468-1183-0x0000000000210000-0x0000000000222000-memory.dmp

Filesize
72KB

Download
memory/5468-1226-0x0000000006010000-0x0000000006078000-memory.dmp

Filesize
416KB

Download
memory/5468-1225-0x0000000006090000-0x0000000006106000-memory.dmp

Filesize
472KB

Download
memory/5936-414-0x000001C61EB20000-0x000001C61ED72000-memory.dmp

Filesize
2.3MB

Download
memory/5936-417-0x000001C61FAF0000-0x000001C61FAFA000-memory.dmp

Filesize
40KB

Download
memory/5936-412-0x000001C603D40000-0x000001C6043AA000-memory.dmp

Filesize
6.4MB

Download
memory/5936-418-0x000001C61EF60000-0x000001C61EF72000-memory.dmp

Filesize
72KB

Download
memory/5936-419-0x000001C622C20000-0x000001C622EA0000-memory.dmp

Filesize
2.5MB

Download
memory/5936-440-0x000001C624270000-0x000001C624396000-memory.dmp

Filesize
1.1MB

Download