asyncrat | 6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556

Analysis

max time kernel
150s
max time network
149s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/06/2024, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BetterDiscord.exe
Size

6.0MB
MD5

d5ad8b950946239be36b43e1f09bd171
SHA1

80ae48c745b51abfdc54ebf7af9ab8fbc933898c
SHA256

6a950e011446449a8dece73c5e5a1cabd8c2fdc6d02e3bec1b1b38fc54be1556
SHA512

da3616e838d6db3527a8fdcdb41f284b261ad543cd50a9af3e64e07a4723f17b0338e3fec136872e437c1bb525e4890b5c0f8209b8a70be30f18c5b17d2b02de
SSDEEP

768:J951Fn3n9P78zQC8A+Xv9xUgGAm+kijfCKv1+T4WSBGlmDbDzph0oXRW7p+XSucV:BX9xbtgd0BWUbhh9U/ucdpqKmY7

Score

10^/10

asyncrat default rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

0.tcp.eu.ngrok.io:14406

Attributes

delay
1
install
true
install_file
BetterDiscord.exe
install_folder
%Temp%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
10	0.tcp.eu.ngrok.io
25	0.tcp.eu.ngrok.io
42	0.tcp.eu.ngrok.io
67	0.tcp.eu.ngrok.io
1	0.tcp.eu.ngrok.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629475823893778"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe
5064	BetterDiscord.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	BetterDiscord.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe
Token: SeCreatePagefilePrivilege	3056	chrome.exe
Token: SeShutdownPrivilege	3056	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe
3056	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2560	3056	chrome.exe	76
PID 3056 wrote to memory of 2560	3056	chrome.exe	76
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 4600	3056	chrome.exe	77
PID 3056 wrote to memory of 2568	3056	chrome.exe	78
PID 3056 wrote to memory of 2568	3056	chrome.exe	78
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79
PID 3056 wrote to memory of 4000	3056	chrome.exe	79

C:\Users\Admin\AppData\Local\Temp\BetterDiscord.exe
"C:\Users\Admin\AppData\Local\Temp\BetterDiscord.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa2df49758,0x7ffa2df49768,0x7ffa2df49778
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:2
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3644 --field-trial-handle=1712,i,12853085551394395122,8647907494352743046,131072 /prefetch:1
  2⤵
  PID:2336

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
19b18ef385618ffb82e21d2f38ce54dd

SHA1
c667224775e15a5557fd368f95fc1dac72a9097d

SHA256
3ff6a6789907e164f39446954e02ea6255f673e99c040c57fb31d2c7c2990386

SHA512
3bf6fe9078ecbd850cb5fd84ef039717cd5c0555d122fee4edb926f6e792b5546260803c392df88773f714788e4ee06bb33bcc30cf7fdd5d73b381f64706b781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0f45741602fe271fc394709b2d79749e

SHA1
b02793c228daec5e947fc571f52de05d8f560a42

SHA256
0e8f46bd49d62cc10e71bb1e36e644cdcd1a4d5b3abb9556325e92203c9ca69c

SHA512
f792cb3d5f830f9fc17ce71c17d15da831eeb709a67919714c03abb3bb968ef320556ac0d00af53b9a67c2294323c196a9cdb28c7e454f14548d1ffd1fe03055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
84abb7813d63fbca928cb22342d3a4f8

SHA1
3a41850c95f0d7c73d65641a6f79037df99d5613

SHA256
da535c265f0cb777ad856711dba06bd8e023c14c22c5e972f1234ab960693ecc

SHA512
450c21f4b767010c6fce1812e84f6da07ea799f7ff36d850c2461be9e71709b23a57118c6c8180104f12b0f70bc9371baff769be26962ba3484592e16c4758e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
942f79347387f7a60886efe8904a1cc4

SHA1
d26373c5327a9a834e719d6cec36ef9efef3c982

SHA256
795cf1bd3c5d4a8150374bcb6b6e80e999b17ecba49f1ca6cfc49e615df27375

SHA512
7409392e61aeb0655c87f1ef23a4bdb855132775b1bdc579e970e8cb4d71150d137490efa641427bbb1ae7a6dd06533f9942effdf6dccbb5a50a7ae564906044

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
698f378ab1d4efc1ab2ad74687a71e6d

SHA1
6cad8e35635c449b72a92341cd61ff75ddd611b4

SHA256
e4c9d665d76a4bfb124e967217ebfcd9a955146233cfa192c7cd1e253fd11cd3

SHA512
b93cb02a96fa03e7a4e5922447cb1a95c163e450e743660f448e5fb7694a715ab0b15c44244612e1e3fb6d28754a5c60ae28c8f51d5c0124aed6bc5c5a0a157f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
05af4b92e1e687e2615feaefaa9e0324

SHA1
bd26347e896095de37d07f9521b01a44e8cc1c4e

SHA256
435fbc077b482aabe4c70c01809ea5f814c03da0667b93eed42498db21be9d69

SHA512
2ec288171e56c75db94ffa0b14f9a411a06b2457123c5b041279c9acceb075e5c68b7faa2fe898b071d4f986d9604ef6534079bc5a24d9da694363a796bfccfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
d96c13916814fd7b27a67e25000c656b

SHA1
0c1feca5e8203d0f12ad830279810440ceba5bd4

SHA256
524f991ab4269f80a67a7b8bc2767fd332c5db7282b155cbe9818fb34d54e221

SHA512
62480729a073270e0f17290c80de7bb78e6a66fc37c27cd7140d97738864f04bd2d2d65bdc19624d2cd41e68ae3088ea8ef2cac95b247b272922e9084dcb4f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/5064-0-0x00000000004A0000-0x00000000004B6000-memory.dmp

Filesize
88KB

Download
memory/5064-6-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/5064-5-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/5064-4-0x00007FFA2DF73000-0x00007FFA2DF74000-memory.dmp

Filesize
4KB

Download
memory/5064-3-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/5064-2-0x00007FFA2DF70000-0x00007FFA2E95C000-memory.dmp

Filesize
9.9MB

Download
memory/5064-1-0x00007FFA2DF73000-0x00007FFA2DF74000-memory.dmp

Filesize
4KB

Download