Analysis Overview
SHA256: c156c2a525dedd8626371d6b8808787209c533147d8f515caa44a97bc95b38d8
Threat Level: Known bad
The file v1.lua.txt was found to be: Known bad.
Malicious Activity Summary
Detect Umbral payload
Umbral
Executes dropped EXE
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2023-11-26 13:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-11-26 13:47
Reported: 2023-11-26 13:50
Platform: win10v2004-20231023-en
Max time kernel: 152s
Max time network: 155s
Command Line
Signatures
Detect Umbral payload
Umbral
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Blood EXTERNAL.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133454800580672981" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\v1.lua.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff94fa39758,0x7ff94fa39768,0x7ff94fa39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3784 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5268 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3372 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x470
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3748 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5720 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1936,i,13767419983239351182,15337730547394859560,131072 /prefetch:8
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
"C:\Users\Admin\Downloads\Blood EXTERNAL.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
Network
Files
\??\pipe\crashpad_1312_SVHZTODKZNZUEBHR
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
C:\Users\Admin\Downloads\Blood EXTERNAL.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f0a4.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f18f.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Blood EXTERNAL.exe.log