asyncrat | f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c

Resubmissions

04-01-2025 12:14

250104-pej3ls1mbk 10

04-01-2025 12:10

250104-pcc7aa1lcr 10

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-01-2025 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cum.exe
Size

63KB
MD5

6ae8830520e0bf079fc97aa207673ac6
SHA1

8eab31bfba85b5847573bda4257f79c607f0c297
SHA256

f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c
SHA512

cb8e918f34780d91673fdcc6bf3a70d2a1bf82bafb62f59ab6fc0f98b5ee09a8ed404d99fee25a4d5f55f9b7c4a5dc280d41725c596e6ddb8fae158542f14596
SSDEEP

1536:+62ZBUFWbPZEYUbeM9odcrXuEdpqKmY7:+62CWbP6YUbe1cr5Gz

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Botnet

Default

127.0.0.1:1337

127.0.0.1:26550

147.185.221.24:1337

147.185.221.24:26550

Attributes

delay
3
install
true
install_file
hawktuah.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000b000000012282-15.dat	family_asyncrat

Executes dropped EXE 1 IoCs

pid	Process
2620	hawktuah.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2556	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2792	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2648	cum.exe
2648	cum.exe
2648	cum.exe
2648	cum.exe
2648	cum.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe
2620	hawktuah.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	2648	cum.exe
Token: SeDebugPrivilege	2620	hawktuah.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeDebugPrivilege	2588	taskmgr.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe
Token: SeShutdownPrivilege	1276	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
1276	chrome.exe

Suspicious use of SendNotifyMessage 43 IoCs

pid	Process
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
1276	chrome.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe
2588	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2716	2648	cum.exe	31
PID 2648 wrote to memory of 2716	2648	cum.exe	31
PID 2648 wrote to memory of 2716	2648	cum.exe	31
PID 2648 wrote to memory of 2692	2648	cum.exe	33
PID 2648 wrote to memory of 2692	2648	cum.exe	33
PID 2648 wrote to memory of 2692	2648	cum.exe	33
PID 2716 wrote to memory of 2792	2716	cmd.exe	35
PID 2716 wrote to memory of 2792	2716	cmd.exe	35
PID 2716 wrote to memory of 2792	2716	cmd.exe	35
PID 2692 wrote to memory of 2556	2692	cmd.exe	36
PID 2692 wrote to memory of 2556	2692	cmd.exe	36
PID 2692 wrote to memory of 2556	2692	cmd.exe	36
PID 2692 wrote to memory of 2620	2692	cmd.exe	37
PID 2692 wrote to memory of 2620	2692	cmd.exe	37
PID 2692 wrote to memory of 2620	2692	cmd.exe	37
PID 1276 wrote to memory of 2876	1276	chrome.exe	39
PID 1276 wrote to memory of 2876	1276	chrome.exe	39
PID 1276 wrote to memory of 2876	1276	chrome.exe	39
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 2020	1276	chrome.exe	40
PID 1276 wrote to memory of 484	1276	chrome.exe	41
PID 1276 wrote to memory of 484	1276	chrome.exe	41
PID 1276 wrote to memory of 484	1276	chrome.exe	41
PID 1276 wrote to memory of 1756	1276	chrome.exe	42
PID 1276 wrote to memory of 1756	1276	chrome.exe	42
PID 1276 wrote to memory of 1756	1276	chrome.exe	42
PID 1276 wrote to memory of 1756	1276	chrome.exe	42

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\cum.exe
"C:\Users\Admin\AppData\Local\Temp\cum.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "hawktuah" /tr '"C:\Users\Admin\AppData\Roaming\hawktuah.exe"' & exit
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Windows\system32\schtasks.exe
    schtasks /create /f /sc onlogon /rl highest /tn "hawktuah" /tr '"C:\Users\Admin\AppData\Roaming\hawktuah.exe"'
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2792
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp1E98.tmp.bat""
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Windows\system32\timeout.exe
    timeout 3
    3⤵
    - Delays execution with timeout.exe
    PID:2556
- - C:\Users\Admin\AppData\Roaming\hawktuah.exe
    "C:\Users\Admin\AppData\Roaming\hawktuah.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef2bd9758,0x7fef2bd9768,0x7fef2bd9778
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1140 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:8
  2⤵
  PID:484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2248 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1404 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3600 --field-trial-handle=1388,i,9325202188010933959,15155278398515266895,131072 /prefetch:1
  2⤵
  PID:2668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2996

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\443aa8cd-e0ca-4c29-b0c6-8a28ca7e1165.tmp

Filesize
346KB

MD5
24b6c60a4f69567eda9ef1a5d69a127c

SHA1
41bd36ea509c252001a013ace4e0f1219854f570

SHA256
42c06ae378b86b0f5b90b37d379cdb0021980e2750cc3139d2575fb4ef41b5ce

SHA512
43042027bf7466dee22739c094a3c71d9f7cf7f2c7c9235f96c4216371d4228ca49321f74592caee16b038504c4c2c8437e06ca3ff9833a6b41b4177c825865c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
f08e4fc621580643c01786798c6ac751

SHA1
4fab40f4d9383d966a1c763da005919d1bc5e110

SHA256
48b5f8bd65cea2ea711fc857235be1aacd26cc240afb0b284db8a9dd4ecaf221

SHA512
b9805ce7bfcced56f332d441f37e82895a0dd8fa14b0ec400dc5fef385f7dc0375974805e6acc76757c16eb523134dbeda55bafda633d937e4088fe5729b89d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f298d532619d8e41c7094076667b3900

SHA1
f8c5ae45535d8e07ff97e5597a4641e8a0590970

SHA256
7601388d1c4f49bbe12278f3a20f935a1f1b8e99434b69b787de77b8a2fdaf30

SHA512
aba251c3ef11e118ffd339eb9180c87db527e4f0d91a782b9ee79dcb1d4d60e8a3def47423987db59b68d6113115ceb15ab334e7bef533c22531385ce9d45f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
346KB

MD5
1704af9b03a595f9d990dca1fcf142c4

SHA1
d9c1b18578d4c9177ba331c38bfc17c17b78be24

SHA256
dd84e179ae47485e7a71eaf0b8278997d86758d6f444a3142e4103b5f0621336

SHA512
9a87421e716c7404ec4594a9f79ec4e72c07600a9228c6fdc5965a1676edffa394917d7d9d4813b37294dac35ee13ce8c414589d90062f78e0d1164d3c0e184d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
7062a380497046c0547dc5aac90dd53c

SHA1
007e53aee661bd4f3da91a9a50129ea734dd1183

SHA256
dbda2ebce5d980bdd860b0db7001b4c9c8d17d9ede647a51d0274d95f9746b64

SHA512
dc609d7ed86c6bee1bcbadb197e1a756d1fcb7bd57f37d35887d4e915ea6c32483552050cdbd8c09e05233798ceffdf57d782e34da46ef75b1c3fb4f114cad26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5285.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp1E98.tmp.bat

Filesize
152B

MD5
291f7a128248ec03760522c159b22176

SHA1
5c301b775fc54236973e854e9198940812f5cd48

SHA256
43d0a31be3244f7aba8f3d449f69029d9b61c4b978b06504e2e5be60e5e0518e

SHA512
9ba1d0bca1c5976480a7113e07cedd697b69a5d29503e2fbda6efc10a6bd7af783d1369c3a7b3188285ea4d666b0302be76826b83033a83c0c9d010a66632c05

Download Submit
C:\Users\Admin\AppData\Roaming\hawktuah.exe

Filesize
63KB

MD5
6ae8830520e0bf079fc97aa207673ac6

SHA1
8eab31bfba85b5847573bda4257f79c607f0c297

SHA256
f368400a4f67b6f2390343181e5d1945967c6cd25088798984e6e4654a1b928c

SHA512
cb8e918f34780d91673fdcc6bf3a70d2a1bf82bafb62f59ab6fc0f98b5ee09a8ed404d99fee25a4d5f55f9b7c4a5dc280d41725c596e6ddb8fae158542f14596

Download Submit
memory/2620-17-0x0000000000130000-0x0000000000146000-memory.dmp

Filesize
88KB

Download
memory/2648-0-0x000007FEF57C3000-0x000007FEF57C4000-memory.dmp

Filesize
4KB

Download
memory/2648-13-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2648-3-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2648-2-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2648-1-0x0000000000EE0000-0x0000000000EF6000-memory.dmp

Filesize
88KB

Download