ef047ee404b42840a4094dd67ca0330a1623724dc537fbe84fe52c2111633141

Analysis

max time kernel
1049s
max time network
435s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22/01/2025, 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Async_RAT_v0.5.8_Turkce_Versiyon.rar
Size

6.7MB
MD5

e84d6fd96d14438722766005508fccc8
SHA1

78d566c436d516365444a0bc57837e9e27a2162c
SHA256

ef047ee404b42840a4094dd67ca0330a1623724dc537fbe84fe52c2111633141
SHA512

1df3101f93476cba86b2b4019c4705e3320b0debc206fc62fd47bcee907de4e5390eaf8e06b95ad4927eb92692b9dd5f96130e9ac226be00b9a89e819e288be8
SSDEEP

196608:aD8RRxdOGw+3z4Wvkwabq3y3+YRCUFQEwDwOhR7tqbF:BvkTq3aQUhwDfhbqbF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3216	AsyncRAT.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819896499120892"	chrome.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3996	7zFM.exe
3216	AsyncRAT.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3996	7zFM.exe
Token: 35	3996	7zFM.exe
Token: SeSecurityPrivilege	3996	7zFM.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe
Token: SeCreatePagefilePrivilege	2764	chrome.exe
Token: SeShutdownPrivilege	2764	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3996	7zFM.exe
3996	7zFM.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
3216	AsyncRAT.exe
3216	AsyncRAT.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
2764	chrome.exe
3216	AsyncRAT.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 3968	2764	chrome.exe	90
PID 2764 wrote to memory of 3968	2764	chrome.exe	90
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 2828	2764	chrome.exe	91
PID 2764 wrote to memory of 396	2764	chrome.exe	92
PID 2764 wrote to memory of 396	2764	chrome.exe	92
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93
PID 2764 wrote to memory of 4748	2764	chrome.exe	93

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Async_RAT_v0.5.8_Turkce_Versiyon.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffced25cc40,0x7ffced25cc4c,0x7ffced25cc58
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2084,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5128,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5272,i,1890553349150420370,8100621659228182453,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:2
  2⤵
  PID:3008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4288

C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe
"C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3216

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\95dedfd9-872e-4ef7-94d9-55f81222bcaf.tmp

Filesize
9KB

MD5
614ab0cb81ac7c34728ccc49e8c7fc19

SHA1
bd0859bb9a9596f515a19a92a7ffce3127c58bd5

SHA256
7cea90a605410e52b23c22ed5ace2bf659a25415ec2363ff253505b3f625e05a

SHA512
7a2c3ec1955e7dbd814a507813c8fbe11b79a11d04dd24168639fbba66292a452fc5595fffea7ece418032b4fac26c822680d46001893fd3d173d31171aa9c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6fb97a71c4c72e8f772d8e92cd07f4a3

SHA1
c74af3af8757f8d33f09f385f680fd747ed35f5f

SHA256
40a0d9bc23a782f4489dcb6ff60532e61cdcf4f7a2162a2e713d1918504abb86

SHA512
1d4b5026c09084e8257098ef9d9b8de814b7695cce504f5186c3abb0b6523300a4ce240356f96be1052b9f0eb91b9c79dd60ef4527dedd79b69aaac933add241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
56c8fc3f0a0a4a07b604b031ceb689b8

SHA1
9989941c76414fc9228907e242522a17c3fb220f

SHA256
b17d89906e3689f8ad1493ead612e8040ce8284104c0396e7b6b549e8f3cf6fa

SHA512
3956ba8ea885941a29cd13d157a264bceaf90eb9c65f207b0a71ccc77200a84bfb8695c4423d9d130581d3878df77f7accd6e62568fb884a18d2383c1f06f278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fdf502b24116182ad9fb46e4c179eccd

SHA1
151248f87527252954f0a5b0b6e9d5019c436629

SHA256
4864edbb5ffb127caf1db807788b7897f9971885ef395fa0dae00aa7cf7d67d3

SHA512
162b10f3a1794d5d4a90985047b5840d218486968ec49c2d893863135b293092ab581dc762322e9cc0c3edde2260364ca2c704791dc816d8cc41b171a80a12cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f7026fff208e355d6d0a2fa72a0d492

SHA1
df57f6fe9cf52276827aa9cb4bf1b02b4ba38824

SHA256
3eb2c8fa6dff7869cf13c6d6f5e4a2decc2f91acb6baceeeefa06158e7130b4d

SHA512
1f5dac0852020ad3d9b492fd2898345fc5bb5f92bb2f2c35396599fcc3126d03399a33557c206f22d5e7787741e2b24ea8667e7b1e76ed4b624aee48232e108b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65a8a535ad10e6a7df364ea81600aa84

SHA1
5c32e5aeb4905fafc741a5bfefda463478632596

SHA256
a84dac2854f7d989939f57c7fb2b66fc7993ba15a266424356ce5820f7051f03

SHA512
124319cf48875c02f95c2423e4b5f2dfa32cf8b679b16a6d72ff606b86546a3841ae94abd477f128e9c01f1f3310c12efb9848da766bbca42da6b96b93d5ea28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d5b8bcae2de36eacb48b8c2de47034b5

SHA1
f20ec87397731f9089ec552a11a34bbfb84d3683

SHA256
4e4cccf34b15519cb4737ebb505916fabb0a4f2ab353cbcbcfec2a933e1c9b6e

SHA512
02813e3da3ec6e1e9feda43c4b7b55a4927da835420887cb540a6bb8de8b92f8b18de9e7c675031c929e2894adbfed849642ea85e945d0081172729cd7938980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f746bd3945ac0c8aa3f844552d7554fb

SHA1
ca9b7f736f7fda23b5052c458a41a98511f0619b

SHA256
4c71c9728b87be17cd8a619d44293db9c3a006f08171ffe6e896906ead691e0f

SHA512
fcad8bc13fd73c909f09f56db80ea17be7ae01fd053be361cc57b0ea01dc90225f8e57e832e4c023a87db63f134683a066150edaa6140bf01feceed2b8360e2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
376179e1d794c662ee369842b1cd23e6

SHA1
f21c4bc12b372eed6eb0f217f5426dd51a8fdd87

SHA256
a024f0ad45f4e0d883fffccd09942f5c0955a49cf751ad7cc5a2ab576f8dcedd

SHA512
80d7bfea30a798afbb6d45757102a93f6f355bd7ffc908ece891b08b4ba4999e1846be7970c65b80cb536bdb2708f181a744a3232ab39cd3b60ac85eb22d47d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
b7a7713a4fb1d135aa584438217fbae6

SHA1
1374b56368e5a2cf05089462cbbb04eef907c30a

SHA256
ba6cf996364dc79bba3b9a700642f8cc21496e192d6093b47940150f7b7fcbb2

SHA512
7e8c92908bb427288a360a36eeed44a1d9c86e7846c4a4fdadcf7f3834e793b8807aa54e36a3746dbbc9aebe79d79bf739649e152cbda106ba52a9f62d001149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
00a3cf8661f7e7ca2bc90ee458b21b1d

SHA1
74b7fa9b7069754115636c0b1d118ba8f14684f3

SHA256
ce6f1c940e633a3e83b3ff57d158e75d4f7166e40088c09083e054111548aebf

SHA512
6a8971e1e7281f47976d880987032946a0008f2b7a4c528f455745e59531b14c049f02029b0944a33ea5d124ccebecbe8166eb3f373d71228300cf111c737de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a16d4e3f65ecc25c9ea1069eab982f3f

SHA1
db7aee91e915cfb63d305a19d27c38c557eb9f20

SHA256
0f947d3ed60072cf29707534eef17e81a317bcc6a513707afbf5bdb25b329421

SHA512
a0d8b2804aa899942545738873d7b371d78eec73bc95f0d80e870cd0f1482410956fbeec7a584c2fd894557cc890d015ba6259b01034bc4c170fca69fcd9c64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2764_486274484\836d2014-145a-486e-b1b6-4f9a398d5343.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2764_486274484\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe

Filesize
6.6MB

MD5
d9b0dd1451164fe93b0161d8a324e5ef

SHA1
727956da8202910e55a856232886587fda7bd327

SHA256
c49408393db15b24a5df9bcb194a50d646698d2c5ffa326c15e68db08a5f2a79

SHA512
7c73bce623bc727530be91697d5d919f5c65d9908b8108e694bfc0cf140d65b10d2f0d035e1b5ab64e36bc441f39167bee40b4573edeac2420904795d108fa3d

Download Submit
C:\Users\Admin\Desktop\Async RAT v0.5.8 Türkçe Versiyon\AsyncRAT.exe.config

Filesize
5KB

MD5
4b75a90ebd1ad017f1b14c08c44d0a72

SHA1
196d635d75d25c68c1b9adf7e81761f9763ebaaa

SHA256
8dbe1462d5e9dfcef022796b8b12dbd088e3539a6aeec566194e86dea8dbb582

SHA512
c2131ed1d70165ae0d41f91e297b1a7ef0674af71057be4c9b4e6f8f2989f5a75c479bf24f90109d01eb5b578d859be7caed20a0b4b3187541ab533cc76711a5

Download Submit
memory/3216-628-0x0000024054B70000-0x000002405520C000-memory.dmp

Filesize
6.6MB

Download
memory/3216-630-0x000002406F880000-0x000002406FAD2000-memory.dmp

Filesize
2.3MB

Download
memory/3216-631-0x000002406FCD0000-0x000002406FCDA000-memory.dmp

Filesize
40KB

Download
memory/3216-632-0x000002406FC60000-0x000002406FC72000-memory.dmp

Filesize
72KB

Download
memory/3216-633-0x00000240732E0000-0x0000024073558000-memory.dmp

Filesize
2.5MB

Download