asyncrat | 80229ce9e0728a85ba1f6ad90f37da99da116e8f3c4b893bcde6a6113644e085

Analysis

max time kernel
92s
max time network
97s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
31/03/2025, 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

3fcec835c80c0d689b77a2ef2117b64b
SHA1

62ee7c288a2a19dd736a297aa6dc3a8f1aa26e66
SHA256

80229ce9e0728a85ba1f6ad90f37da99da116e8f3c4b893bcde6a6113644e085
SHA512

98e05dc28a0e6297a2adb50eb7649bec80c45499cd03a6405cb0193828444bf65d33c26f026f3d4cd1847793914627def766142c626414f9c6d839bfdfa775af
SSDEEP

1536:EUEkcx4VHsC0SPMV7e9VdQuDI6H1bf/m+KG4Qzc2LVclN:EUxcx4GfSPMV7e9VdQsH1bf4G4QPBY

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

132.145.75.68:2665

132.145.75.68:3965

Mutex

oambycgokesyjglig

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878933757840259"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe
2204	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: SeDebugPrivilege	2204	Client.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: 33	2256	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2256	AUDIODG.EXE
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe
Token: SeShutdownPrivilege	2636	chrome.exe
Token: SeCreatePagefilePrivilege	2636	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe
2636	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2204	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 4072	2636	chrome.exe	97
PID 2636 wrote to memory of 4072	2636	chrome.exe	97
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 5420	2636	chrome.exe	98
PID 2636 wrote to memory of 4708	2636	chrome.exe	99
PID 2636 wrote to memory of 4708	2636	chrome.exe	99
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100
PID 2636 wrote to memory of 2340	2636	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffb14e1dcf8,0x7ffb14e1dd04,0x7ffb14e1dd10
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2028,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1608,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4456 /prefetch:2
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4748,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4904,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5096,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3324,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5704,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5404,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5212,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5568,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5976,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6312,i,14613680418480570193,8606519657003067699,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:5192

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x454 0x488
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
341505782f265ef79c2ba9b98deef7b7

SHA1
d07f53c6e37c4bb091d93a7a702294e32ff4bd18

SHA256
7e2616402a93fbd2398d2e163f2ea2a40ec1ba2eb05ccc577cd7f27e75fd218e

SHA512
f0a17169bc59fca1bef0a11e6c020e4bc03a95792fa1011daa5170d008f37d2362ef78f182a8464f5ca1a4e9199e29d6a76f480a6550a6a5146d5a81864e03cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b91469c60a041f8c3e8d341e6cf742ac

SHA1
b696794e696780d233e51007a2436a59e82f38c1

SHA256
fe1e1ec78e391c81b7424e4b3c304e72cd758dee0bd82fc3e1255f3c660e88d5

SHA512
7b20ff33541b0012679d7ae861c04f8d6d026c1ddb5c883626e217b429fd65360232543c3df762b6576370214762b919bd0ce7666a6db528be4cd558adbfefc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\97813be9-1806-478c-9bf3-48e160ec0329.tmp

Filesize
1KB

MD5
36a40c6a59240ccb3953d7a70e851599

SHA1
8e0a60fd976794e084ce2fdb20fa14a446d1e572

SHA256
1b2e1b70123fce01033cea3da28060a33b6df4d2f47776972e18bddfb8c119bf

SHA512
f88ce53add32d7848945a306c5da3179ce8a3b82b8993e2c8b87042f5dc6b1305e6bc865dd66e8db1d7d0cc35e7fc9ea76fae2ec0cb1fb0f0b4e7adc83d4702f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0b87d602d2208a8318fd8b3259b50f15

SHA1
01b6ab16e46d4c4d0e08671028e4535b9ec1031e

SHA256
1a3615317fa504f34f2d87eb22d8656f95c67fd21e0163577e7da3ef6775e4a9

SHA512
fb247146ba6202b8063f686109cbaeb2309dc76d99cd22565e67e01f4fa218728e381a803d1f4cb5ac0e245809dc3d9a985ffa1d85e643fe4b5332c4c5cbf2d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6a97c2c7e9acbad3b5bdf672b89ab838

SHA1
babb75c7baca847430427c907216c9e3fda11001

SHA256
5af32af6edbc467f6f2f15d3c02058a24fdd294474d85b6802f8e1b2d4a7179c

SHA512
bfe1455ad0088388952fccf7ef4aa8454987ba750edb9c9ed7ec1b392e206d8b4bd120782a35be053f10652f02eb85df821abb61fcdce704d266d30f63af793c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
98917ca03a1860ba558053b3d3165663

SHA1
dc01f8744df685f44cd6ad505fdbcc91b020d043

SHA256
060373bb20f6890b7cb80cf77bd0d817aa301d443b1a0d66503f4982dd5d1fa1

SHA512
847c23be6715232b7c58ac68b73d423cadbd0055fd542249f68ca8c66560b5ddb4af8d7e24ad48d2e51ee0b6b88cc65a358a0e51603374ccb5111a646a92a836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
41bb0f060488b9e3e0310babaa1b6daa

SHA1
1ffd6cb8fb419f3501cfa85b1732b1305a44779c

SHA256
34f8c5da19c4adc6c0769eafdeb07978cf963d20bd84d268dec5824058b0d7b7

SHA512
be35fa143c3a518a54c42e25a56d2f214360bec17e19bfb2aad117d19af609f913fa9bf6c6db3873c09b5ee0923904e60022862365d75f0b645fd24a5fb877e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
b32fbe6973da77403bed0c846bbe98f6

SHA1
ce5944b3d722efd49c211cf03249a578b620a4a2

SHA256
88a7e752b534adc7302cbde33a50fa32d1b3b1343e6c3a42f292d5c1db41c54e

SHA512
e5bdb48da44b916967b41a25ff77ff7394aac813c821650e7a066b5d68c51da8afe2adf93f7d3043e3b4c813cd83b1663518d096a7c9b8db98400d86638d881e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5885c5.TMP

Filesize
48B

MD5
31875ff9db929532daf1111a259f3c16

SHA1
544410c9550160943a89d44098fec91d61b87b77

SHA256
b1a45c3998f35440d1be776c96e63ff80f3a4c46ac7d26121201195c1289da14

SHA512
4442de1c9ff285e2e1622a6e06ef2ac99277e42cac2b98e892e9b9c799205b08b3bfd246bb51c7393e4b471bc8d018758ec989fbb6f228a052240b2087535277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
581c44f4c9480b0cddfb9459417c6f20

SHA1
758485658885870fbaf3afc1d75594f45524d101

SHA256
efc2d9fd0f15bf45111f91a5a2e27bc6c6c6cac0fd6f736978a2ec64aa7fbae7

SHA512
e937198d4a6c43fd8d660be0b2263191f3cfcfd337af2cae920ec66f5b13d1c89bb57013b43f5721e5bdffb8d71cf8788aa7c8aec9effd3fc32edcbce7a10b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
43dda7dcfd49052ea2c75d053f265ed1

SHA1
e5604f447e5373dfba879be6f9db75dd9913463f

SHA256
26e807695cbbf4e4d4f09a12e15bc59b1f381fe03dd188f2d4a31e7f9079f434

SHA512
2739441952b69acbde30b16f9f9c1ef51c8d1f6964afe2faa1734ec3e64a6c324f09c10b794f63f93ae8542c3554d10791ae1021c401d659da909bf54566b49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
44d90060be0bfdde3b76778e6a72281e

SHA1
a5f90bdba9fa4a4586412e49601ca87c786bd707

SHA256
0cfbd353b3731cbc4c9ac1d46bb07eb5bc7a09232b4148659456db147086d106

SHA512
de85c020660301948c98765cc09f3aabd7929c3e6135367da5ccc0e8d911298ec180c02fd6004e9092a3f9c16336ea361504c291e8cf14f76b2fe81601791fba

Download Submit
memory/2204-11-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-13-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-18-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-17-0x000000001CF20000-0x000000001CF3E000-memory.dmp

Filesize
120KB

Download
memory/2204-16-0x000000001B410000-0x000000001B420000-memory.dmp

Filesize
64KB

Download
memory/2204-15-0x000000001CFA0000-0x000000001D016000-memory.dmp

Filesize
472KB

Download
memory/2204-14-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-19-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-12-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-0-0x00007FFB1BB53000-0x00007FFB1BB55000-memory.dmp

Filesize
8KB

Download
memory/2204-10-0x00007FFB1BB53000-0x00007FFB1BB55000-memory.dmp

Filesize
8KB

Download
memory/2204-8-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-7-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-4-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-3-0x00007FFB1BB50000-0x00007FFB1C612000-memory.dmp

Filesize
10.8MB

Download
memory/2204-1-0x0000000000790000-0x00000000007A8000-memory.dmp

Filesize
96KB

Download