asyncrat | 87772bb1ac6937a4126d72cc41ca517b2b010bb2891d40e5c7dcce34ee7fad03

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
30-12-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XEno.exe
Size

63KB
MD5

46f78699ba52074982eb53d91e40da70
SHA1

c9bbb8eddd4674c49372eeea65aedb4c4bffb323
SHA256

87772bb1ac6937a4126d72cc41ca517b2b010bb2891d40e5c7dcce34ee7fad03
SHA512

c55a7436bdc75c9572849ec057eac9f0b0b9e33525d6bd3b161b2cb6d9655e614784648e1040d0777bab0c330b3bfe9c014ff5cc9220e88ea9e19d11ab4ff770
SSDEEP

1536:/hYBLTM3Ufc4c7VFUt6cKGbbEwiVuGFZVclN:/hYBLTM3UfcVVFUkbGbbE9FzY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

1.0.7

Botnet

Default

Mutex

DcRatMutex_qwqdanchun

Attributes

c2_url_file
https://Pastebin.com/raw/fevFJe98
delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	pastebin.com
2	pastebin.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133800625509767895"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5416	chrome.exe
5416	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe
5364	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1884	XEno.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe
Token: SeCreatePagefilePrivilege	5416	chrome.exe
Token: SeShutdownPrivilege	5416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe
5416	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1092	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5416 wrote to memory of 2416	5416	chrome.exe	82
PID 5416 wrote to memory of 2416	5416	chrome.exe	82
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1268	5416	chrome.exe	83
PID 5416 wrote to memory of 1660	5416	chrome.exe	84
PID 5416 wrote to memory of 1660	5416	chrome.exe	84
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85
PID 5416 wrote to memory of 5572	5416	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\XEno.exe
"C:\Users\Admin\AppData\Local\Temp\XEno.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc27c1cc40,0x7ffc27c1cc4c,0x7ffc27c1cc58
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4416,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4268,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4408 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5184,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5028,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1144,i,15741955561198665892,11347123003627028641,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2540

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\871ff8d3-18ac-4e60-9d04-e3eea7269109.tmp

Filesize
9KB

MD5
8b3698d3c404072f4e24f582a187c999

SHA1
48011113867c0a2ac3c75513fac191578953dc0d

SHA256
27865ec4c42d29976ede7e6c41f4ea705a2bdedf16cc9f2881f3812a93022db0

SHA512
52b77c0e71722fb47ecc49dc2c23f994768ffeb0fe09266d5163433886348b714fdf5d88c902352afc76107e361f9db9e0ebc72fd696ceb7ad782d0e24286f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dd7cf60c71beef801b582467049d231c

SHA1
1b14a9ae843b1301ce9630ef5dfe961e9a929aef

SHA256
6b6605f618af48b27d0d00465765d787631ecccbf63bfb574b8d1706bdc7e861

SHA512
0b11c60d2275814f86525425b001cc5783d2c9da670ba12368747d2095892f4ecbbfab7524ab08b7ea9e781c862272be540949e7124b6ad1915a8606733b0cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0e14ccc1290ff1e6ad097fe8424f32a9

SHA1
0e023ec907e34020ae39a1d8f3629d4932e6ce39

SHA256
ebb4a7bec60472d6f14e4cdd33c05ac180a21a91a1c45fa3b83f7caafbd477f4

SHA512
6aefc8d1d53155faa99e5888e30db28135e4e7b7a03caeaf7c8e6a51f1b1decd1a9334085be7af5d00de1f8a6f9af4f269ea836867c339f9972c41c985c008d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
65d96b258215dc008390b8ae29f9758e

SHA1
fdf5e280781c2234a5a9fca983146379bf456a76

SHA256
6359656dd61dfbb1c38ecca52b88e9e643e7ef3590a568f63a231aff2cb531ec

SHA512
7b0a93888c4581d9852fbfba3c8fcde568f58016ce8d1441593422e49a7ec48eccc0b07d41f09c07b5c1af1d869e6c131b497c05f8f39327594ecb0b9cf8f0ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9744ccde-3731-4dfc-a4df-9645520abb0b.tmp

Filesize
354B

MD5
e62a41bcf6a798b7a4e286d422953cd3

SHA1
cbd45f61c75e52adb2c384f6978b923a85d5b455

SHA256
2f2f6e531c8a46473e3583310002710fa7edf11f6c87893074bc0c2a910fca7c

SHA512
c047e5ce3d5019592e601b0c60cddcbc48037dccf74dd88ecea1a396097a1351847deb8c7b86fa1974b7484fabe04890e6e90af8944581c8187f4e41c891b055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
098db78e27451cf40f5eaa15f6968713

SHA1
4dfff489131a235dbd08481674cd3353434d1ba1

SHA256
d46bd4d762933a92f1781094b3b1e05eeb193c6a8c5786ae6d2a19e9d3a5c542

SHA512
a8ac68069493293a115abd7c31cee32a038287ce6ad309741a3249fcae0f51b6402ef32362296ffa793e15abc9a5e583d26c95d8c51182ddf0322eedded9907c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
18ca5d2c50dce2113f527dec06a5f051

SHA1
6d425aac8ffb6ad891354b540d01c440a4baa35a

SHA256
299b0312e2fec46714bfa9c28f6d91b638ec34a8ae6cdaedd837617cee7e440b

SHA512
bdc62735842399992c4b3970e1cb44bc5af10fed727e5a72fbc8a2cafb0b87f8f5aff063fc005c2933f1fde77def729100c1d1ff37e161ca28746ae9b53c0711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b3ecdb96f410643f22deef47cea6853

SHA1
e36670e493f49b0b7e90ed2a44e6734c8f18006c

SHA256
da789b26c9d400afe62e2f37eb2c7c6b31b5a5c94355f3e855179ba2cce5b044

SHA512
2726ada6656c8302c1097a734f6f5fd29beaf950c033c478d98128a4ff71def77ceab4cb5fea26fb1c82ec505d1fe4ec75317672bc8244a9ad09cc0129436963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87a3bff08f73eaa6c00b8842bcec3fa1

SHA1
c2dfe689658799e7d28956a5174359e22ce7b8cd

SHA256
c9406d9b42671081e752742ef5180a8083b7dd0aa388b313e23eb9ebe65a3243

SHA512
866ca1b00919f23c07c0bf98a17782355203b59cba49d2456da78217af560c4a99d7772194b78ce32adcef06202c8ca469de33d0014559bc1a34ddc73009cea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82043e82df3639babe17c172f2f409bb

SHA1
4bfc2769bff8a7de8bc2966ac1f1273c1a99dfc7

SHA256
0f5a5c1483147193dd302f2c16d304b0312cf58695e5ffd2a3e9176dc6853593

SHA512
600ca3a1f7a6d11928c60fbe8cc606912f8a60202c9a6ba96dd295251fbd917c7a47c99e32d275586fbbf8d15793ef4a6b39c5c6d273dcd1e4c47ac94bb8ba5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e21f25a81985d2097fa3c22e02590397

SHA1
89c3501f1756ba47cc898d47c1327f232a3253e9

SHA256
c3394762d14df40589cda0a8a5d02968f2c6a29ad897efbefbf79d8f0afeeb7d

SHA512
ffced0c4c240976b87dddd3a23c0e3fbc97af5cbec714a5a6aad6c9d4d2cbcbd8219e28a8508cd291ed4ced3206a35527c48762cc93b87ee081623b5a3cd6c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ef044400f99194830fadc2dfc4e2eb8

SHA1
73584e4ebc918c463a171e8699f9a963722ebbf2

SHA256
142f9ddeb02d36e2cdb2c6b22c19cdc6296650a3dbb9a10f8788da662a039c74

SHA512
10551025678649f27867acb600fc076a0b1802c63ecbc736cb025d77d323f816a6226c97b9122957156643644aaad2562a6d7044eb89ea1a66d63292206d0b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29f769027328cb7a3eade1d40916d070

SHA1
74f2170cfda7b49c31d0420ef466e16a99fa23ab

SHA256
2006bd8a80810e1dd225ac64af6acb3dd70c010d4d662abf5c5024d203a98c0e

SHA512
13f8e27f4420790f3303cf6043cf53841f0641cca1c466e7e6c629dbb879eae7a4253b0639332e1dfc1961856ba6507118f7b12f5ae2d8393fcb20c742e8908c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b3689ffb01004edac06650b72032c87e

SHA1
cd478246d39d24babe643ab3e2c568ef25260e35

SHA256
7f9e9677271151befb73aaa4bdbf3e3b1d541c6b468e4747239943a37ec81aff

SHA512
553238848b065f7cbc817e9b9537cb2dd6d476f6f708b58f136416fb42b497de2430ab2f08d30c36441b37b4d992a9b4436de10d983ad8dad7ffb83187e73d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3815263dea20f6efc2f704c4693fe0c6

SHA1
258921734d7a9bc9cbc0bd74c9246071f9fd6fa2

SHA256
5cdf50307177da1ab7546ba83f181d14cd04faf958ee84c1de65d22c61bd205d

SHA512
7256cb18c6b8b6314ad331cf48f54760e5d94ca7bb96e96d731053a75d84ad23d51a83d3104b53f9b916a597a4b4b1cd082b91aa5470cdea751da4698a4a0441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9cd2e3c60c98a93dc43f51dd3d2eaf03

SHA1
52d56bc9ae69c4e5e5cd61e1a15cbcbca1564b92

SHA256
f54110aa1a69520543d00dcb158b0244a5897f1f450b805714ba6b53e2830ce6

SHA512
203d9bb9ae12f9a25e628312981451f557cc4f3344665faab5e0b05216344aeed596a1e3540a3010b2ead30c65516ef92f21e04a80c8c043f307e78e19732054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
878cd972c0858d7f11fb78516bcd4fd5

SHA1
9b6adf8fd4206751160f77f551655eab20925d7f

SHA256
5e3f44b32d60348ab527ade521eebf7dc17e3f070984878579eef577bde5c568

SHA512
9aec02337e960047c118d98e84aa32bf5fd11da956d9f5ac3a838f70513b702742a37e3c2c9152d0f563b119dcaa9d83c796d22fe4edff9640c9e0b89522fa93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
579f0004260a6f7c38b6c8b29cb6f9ea

SHA1
84ca25e341af1382fe8498bb23252f1c8828bdb5

SHA256
e346af24ae4510d44730923e879142eab94977bf5ab8c73318562282c9d45d8d

SHA512
c531fe9b55c6a6860148e2df578c23751a5a9e9bcb7e7acc0ef09cf6dd7f707adc7a15da7683692096b566bc007f20d594e16da4edf9b4b4f37a1c3a8f15eafc

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
99d3ecd709464e38b25be3ab947ad5c9

SHA1
f3753394a5fef90f29dca347abd40adf15e9a47d

SHA256
c87c395c07643e24dfa5b59915b602dea53bf7c7fa7db991af59b84a122c91a3

SHA512
a694c3c842ea72e34d654998cc38a98ec5f3b53727a377789ab10ca49845e7dc1334c945bafc659a489f5c0cd65180c08b13d69d0780a2855c95a1978c58c991

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
711f1a880c08e1f7867f1bdd117320b7

SHA1
50c2d0859f6fd41024d486e2ab537507b975991d

SHA256
f868e98aa21c341e365d73e301d87c006b557033d8d7b2808fed207734fe5143

SHA512
885c2abd9047727b33ea760836cbbe4eaf5fddc08375a8b37840c99332131f0f7164f87c0abeb4523f42262349ab12a1c22c12813a9d81d6955c7d20b41a9a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5416_721726430\8350a406-f738-438d-948f-5c870d102811.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5416_721726430\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1884-0-0x00007FFC2B1F3000-0x00007FFC2B1F5000-memory.dmp

Filesize
8KB

Download
memory/1884-5-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/1884-4-0x00007FFC2B1F3000-0x00007FFC2B1F5000-memory.dmp

Filesize
8KB

Download
memory/1884-3-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/1884-2-0x00007FFC2B1F0000-0x00007FFC2BCB2000-memory.dmp

Filesize
10.8MB

Download
memory/1884-1-0x0000000000920000-0x0000000000936000-memory.dmp

Filesize
88KB

Download