Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

LB3.exe

windows10-1703-x64

10

Resubmissions

03/08/2024, 12:19

240803-pg7lpasfql 10

15/03/2024, 00:25

240315-aqtc4adf33 10

15/03/2024, 00:20

240315-amv3hsde39 10

Analysis

  • max time kernel
    74s
  • max time network
    55s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03/08/2024, 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LB3.exe

  • Size

    147KB

  • MD5

    1973ccbab82020881d531ccd1f2ca48e

  • SHA1

    7e18f712e26ea32b0e8aeb4cd3c958eb8d32dfed

  • SHA256

    d20d22dd302f51341405794a8fb3866c234fafe614b67b55934a9a959a4cd847

  • SHA512

    67654e67afe6a3e1ddf335dff4b976e254c45d8046853607cb4e98af6cd43accee8f2e35e296b932385bc9a6b7fed96ee4be6e113457eb5eb057bd8301f476f6

  • SSDEEP

    1536:PzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD8UhzyIccE+72p2Kbm+0ep3PeAM:wqJogYkcSNm9V7D8URMcS0ep3BcTT

Score
10/10
lockbitdefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Extracted

Path

C:\xcEElHqGu.README.txt

Family

lockbit

Ransom Note
~~~ LockBit 3.0 the world's fastest ransomware~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom All of your files have been encrypted! (Warning: Attempting to remove the software will corrupt your hard drives meaning no further use even when wiped. We simply charge $25 which is far cheaper than buying a new drive.) Your computer was infected with a ransomware software. Your files have been encrypted and you won't be able to decrypt them without purchasing $25 BTC. What can I do to get my files back? You will send payment of $25 BTC to gain access to your files again, once payment is made after 3 confirmations on the blockchain (15 mins) your files will be restored and the software will un-install itself from your computer. How do I pay, where do I get Bitcoin? Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these sites to be fast and reliable: Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com Payment will increase soon to double, be cooperative and your files will be released. Payment information Amount: 0.000385636 BTC Bitcoin Address: bc1qc76qr24pxnms9f93mytfg4dn7ztuvmje7g43dr

Signatures

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit
  • Renames multiple (530) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Drops file in System32 directory 4 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\LB3.exe
    "C:\Users\Admin\AppData\Local\Temp\LB3.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
      • Drops file in System32 directory
      PID:3204
    • C:\ProgramData\B3C0.tmp
      "C:\ProgramData\B3C0.tmp"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:4444
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B3C0.tmp >> NUL
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3796
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
    1⤵
    • Drops file in Windows directory
    PID:2320
  • C:\Windows\system32\printfilterpipelinesvc.exe
    C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
      /insertdoc "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\{91F7D01D-C3F9-42A6-966F-4801F47C45FF}.xps" 133671611720130000
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3708
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\xcEElHqGu.README.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:3712
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4656
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7fffbc2b9758,0x7fffbc2b9768,0x7fffbc2b9778
      2⤵
        PID:3104
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:2
        2⤵
          PID:4912
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:8
          2⤵
            PID:1568
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:8
            2⤵
              PID:4664
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:1
              2⤵
                PID:2728
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:1
                2⤵
                  PID:1860
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:1
                  2⤵
                    PID:3180
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:8
                    2⤵
                      PID:1960
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:8
                      2⤵
                        PID:4680
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:8
                        2⤵
                          PID:1820
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5276 --field-trial-handle=1824,i,15127310383755037783,10780061860312005566,131072 /prefetch:1
                          2⤵
                            PID:3856
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:344
                          • C:\Windows\system32\OpenWith.exe
                            C:\Windows\system32\OpenWith.exe -Embedding
                            1⤵
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:788

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\$Recycle.Bin\S-1-5-21-873560699-1074803302-2326074425-1000\desktop.ini
                            Filesize

                            129B

                            MD5

                            fde6a42469caf9e098ec99525561a1da

                            SHA1

                            62f7a2d2d4d38ed563317fa79fda7198c8465c3a

                            SHA256

                            95053be4ac0980be05a0d1f94adc750ae089244c396d7c05ef3fb758e6346394

                            SHA512

                            9f226efc462f6561a035144561a0dbe4082ce36e484d4af762528e16c6692322db866ebb3108b54038750bd1a0eaf890cdf16bbbaaed51cef7da63df290988fd

                            Download Submit

                          • C:\ProgramData\B3C0.tmp
                            Filesize

                            14KB

                            MD5

                            294e9f64cb1642dd89229fff0592856b

                            SHA1

                            97b148c27f3da29ba7b18d6aee8a0db9102f47c9

                            SHA256

                            917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

                            SHA512

                            b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-660EA6E2-C14.pma.xcEElHqGu
                            Filesize

                            4.0MB

                            MD5

                            45659376c43fd4dd61075ef02b286a7a

                            SHA1

                            4167098d6c69cb0b8a79b8887c02f53cda291a56

                            SHA256

                            22cb7b9fe9c21d74db4394780b16e1976b2b3ed6cc60712e63db9ad872f50030

                            SHA512

                            f4cb45f05a25be6167a31e7bb237672c9d44ad655391950df52c6bb573a1f4b11bb1065a57028d63bca3e1893031188d30ee8fae535a0b4bcebda47f232a3173

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                            Filesize

                            40B

                            MD5

                            d41f1729bd1a44396e3f9846762df6df

                            SHA1

                            2147365adc327290b3667fbd874e9f6cd42eec7b

                            SHA256

                            dcd2ab55cf4a678558dcafb4e7ae2b498a101aada8f53be000af6c8e9a3f67b9

                            SHA512

                            0e5cb2ae5db14a4103ef609f8c7c5997c975b4b2da5dd985d2e78d549337e7cd2321460d9098a96a29950b7969fbf55040c7013eeb8239a3ff408c2ba0b6af9e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
                            Filesize

                            209KB

                            MD5

                            3e552d017d45f8fd93b94cfc86f842f2

                            SHA1

                            dbeebe83854328e2575ff67259e3fb6704b17a47

                            SHA256

                            27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

                            SHA512

                            e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                            Filesize

                            168B

                            MD5

                            bfe18c3341c8b25e2ab0e5df540b301c

                            SHA1

                            500dc66286d4e6a8a741c804799f5ae8726a1091

                            SHA256

                            8916130bc60e54dbcd85198cfed8f8d82d7eee35d0540b232b8c20fa84e3899e

                            SHA512

                            16888f75a8f069bddb2aca6cd68102920ae007b88f920e5088224270dfbdca60555759aa95b6e041bde3356e60dd8c0fc3558c4a39048400ed9d70446605fc82

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico
                            Filesize

                            193KB

                            MD5

                            ef36a84ad2bc23f79d171c604b56de29

                            SHA1

                            38d6569cd30d096140e752db5d98d53cf304a8fc

                            SHA256

                            e9eecf02f444877e789d64c2290d6922bd42e2f2fe9c91a1381959acd3292831

                            SHA512

                            dbb28281f8fa86d9084a0c3b3cdb6007c68aa038d8c28fe9b69ac0c1be6dc2141ca1b2d6a444821e25ace8e92fb35c37c89f8bce5fee33d6937e48b2759fa8be

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                            Filesize

                            1KB

                            MD5

                            8452ab41aa551a459d9520b9eb4ad5de

                            SHA1

                            48c2d162dea382a5d91b237a1a7ef3965223c5c4

                            SHA256

                            d118f0811e75c76bd1822a37d58fbdfa1d7d8e82771cf2587a6a16010970152c

                            SHA512

                            1e9fd5353a35bb00864e497e9f17b89982177e1ddc62708cbd16bed5f159786e2501fc944f64325ac308c467d4a9d93df0c8c676312e801c1f585fdabc82b7f6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                            Filesize

                            371B

                            MD5

                            b4bcf3a0a55a15f751eb4d6c6c72e62f

                            SHA1

                            04795ed6532c9dc6c577a7b61277f3143740166c

                            SHA256

                            1bd034757520fc50204534c8613a6adb612f0db5853f4f8c8732c647af85e421

                            SHA512

                            0cb3beb4f5476a2854687c4739178ccdc0e24a62d9dd6ea81a4459715d5173303fc6c59a3553d63f278aeb4ad51a19d274ef36b343b75e82d7bbc7a297ad0d6c

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            d1f0a6f7ddca607176536ab7bc66e074

                            SHA1

                            e17a53faf273d1b8ee96cc95e349bfcbdf057deb

                            SHA256

                            cfb273b6fa4a7ece763e9a59307bcf3d363c560501518653a0da3c7a34a55b54

                            SHA512

                            9de23a7bcc45da5dd5cda3cc143e72fdf9fb7ce7ef2009a6cd97e7b4b752f48ba8bd9e6971d223da5d3e0c03f0900e7a283af3312ec2845cdb81ef734e31961d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            9e2caa9ad187230d63bf824e04b098cc

                            SHA1

                            c848d4f25443f9e5d139fa13f7491169d5e2a1ab

                            SHA256

                            b7e2b591ac8c1d6f724c5b55798f62eba8d793f1b87c819c882bfc8204ffd2d4

                            SHA512

                            d257bc830de5777c9e9b8ac8d9a336ce53e5cec9e11df23594d8487906e8116f28b480409789f798c0f7bd660fbda9ab830653fc31fd450cc4e6d284368c8867

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                            Filesize

                            12KB

                            MD5

                            79fbda28b07648cc549ab2d073c3c913

                            SHA1

                            a43c5413d6803b13a468281b32bc02b4b5606b71

                            SHA256

                            c798e3fa816574cff5b225581faca499ac81f492288473a6c114b950b73adabd

                            SHA512

                            c9f0971ec71bf116827ec6d4d88cbc8c9aefa766c5a5a4571a7982212d6e9a544ba57ac0eb2800d48ecf77fefbb7330ea61285a9f11bc0b9e15b9b19e2e6db3d

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                            Filesize

                            160KB

                            MD5

                            96ec6cb8a793df3d1db172e37fd6e621

                            SHA1

                            e0fa4e490091f80ee32d120bfea196700621943e

                            SHA256

                            ff39b63d325c14fbc504b3bc3b883b2cabcba8aa6e283802d8f175fc740dac32

                            SHA512

                            2e74c8703a36f0e3d52099d8c47bda4f6640c99aacd854afd71d279db030c539257bd1495cad72a15c6d55430c2639ec357e967ef5d2a361c503d52ac9a06b74

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                            Filesize

                            160KB

                            MD5

                            5aba07b74c3c46357e14542829f5b3c3

                            SHA1

                            4da4a654cafc2d920dd1d483dd337b4db490b7c8

                            SHA256

                            450bcbeae4019b8b6c876bfa2ec25b400895584c8b69eaafd558917879a5cf0f

                            SHA512

                            9d7ef16d6b0d5bc9663e666e7c3052fb24d21938db28e14ddc17bd71347ad219649a5000c1142822a6779364ac980450736ebd7cc1adf2a2fcd9db97828ec8d7

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RFe583275.TMP
                            Filesize

                            947B

                            MD5

                            bd8d789c67289a76df7bc11264333074

                            SHA1

                            7faaf60b754768e8df61fa2c0496df4d5d1e0abb

                            SHA256

                            61d94a1f1492dbd4c9e9ebf18ed68b07002d6190ff3299ef5d481aa4309d87c8

                            SHA512

                            e1f50b857cc428cd5926c8a816812632c9404fce1bd7a85d82ef42490b45b904824330eec51407fe339596947a42e646f3cd3f451e540f12438ba0ae54a7f247

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2
                            Filesize

                            8KB

                            MD5

                            0962291d6d367570bee5454721c17e11

                            SHA1

                            59d10a893ef321a706a9255176761366115bedcb

                            SHA256

                            ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                            SHA512

                            f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\DDDDDDD
                            Filesize

                            147KB

                            MD5

                            f8aa6549cbd568f1b91157a293d80a11

                            SHA1

                            4f849843d834082f7600e587118ebf9418f1484b

                            SHA256

                            fdbc1542bc96cd14d3783a78916462a2b32c21d4d3b423559bae7e9448b6b437

                            SHA512

                            0f778a763f7d4e9f5324529fea141ce2602c5dd2866d76f8c04d10162ff04cc67a90aa8b288d588755974cd052db637b3046c543662924271c8bd3631a2ebc8f

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\{97E6DBC4-F932-4AD2-8AF4-44268C5D6000}
                            Filesize

                            4KB

                            MD5

                            47303b6340156469f273124e5d16b1ef

                            SHA1

                            1dd31a7e38e7c9fbd9b82d5987257f6804487192

                            SHA256

                            39e14f03ab31d1594746f49481159e2c9cf40afaee1339e424601f426af5ef13

                            SHA512

                            b86fc163ee1db9b151eeb0be2f83ec1998743dc80e0222ee422498695cb5502e40b9c1f996d9dec53e9b2cb3f358f999f0036bfbeef7edbc408ff45ed44099d5

                            Download Submit

                          • C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2
                            Filesize

                            4KB

                            MD5

                            f7a103db0e43909fdaf7d4e1d6fc5d16

                            SHA1

                            e6bdb54e255456520379c88cbe460005f184ca67

                            SHA256

                            7bdedd63e5981641903176ca0c52db80da9fc3c24b88b2e6a5c097262507639e

                            SHA512

                            e7c5572391c9691f2be29cf35fed445627bc4224c1f3033eb81ba94b333761f7326a795728f8cda8e8393c969ac9fb1c628f6b692e77c7e7434d71fdc6dd01d4

                            Download Submit

                          • C:\xcEElHqGu.README.txt
                            Filesize

                            1KB

                            MD5

                            7fd2336a4cae4c2f51bb0860a6748860

                            SHA1

                            69ef22fd3afb86945d371d4be0fe9c507880dd1b

                            SHA256

                            413dd9df6327c861bd0ba99a1e99b2b00b75961230d8b499c993419da1ecca29

                            SHA512

                            8791bd4195522517edd5a05cec17473fb01bd9865d4f4ea9966ee105fc0dc9d720c56c84af278d3bb5b31915aba678b7786e086f4890ea138f2ff47f0288c523

                            Download Submit

                          • F:\$RECYCLE.BIN\S-1-5-21-873560699-1074803302-2326074425-1000\DDDDDDDDDDD
                            Filesize

                            129B

                            MD5

                            690c19ebd3fa368f50e546a05213cd8c

                            SHA1

                            b29bebeffde46f5b3b7c8b7530cd1d4de3e1a917

                            SHA256

                            62b109a4ae125c1b82cf290a9d68a4e58d543f5af15ccd8bdc546ebf176ce751

                            SHA512

                            b23446062c3be10f119b0252357e8cdc5b5cc59be08f8809c24e8a4e5a283187c5dd2ea4e30801ce17cd41b1e2f7efcfbcb25eb37a3d2ad39551ff8402692777

                            Download Submit

                          • memory/1980-1-0x0000000002790000-0x00000000027A0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1980-0-0x0000000002790000-0x00000000027A0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/1980-2-0x0000000002790000-0x00000000027A0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/2320-2893-0x000001D3F6700000-0x000001D3F6701000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/2320-2877-0x000001D3F1FD0000-0x000001D3F1FE0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/2320-2881-0x000001D3F2040000-0x000001D3F2050000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/2320-2888-0x000001D3F20F0000-0x000001D3F20F1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/2320-2890-0x000001D3F65B0000-0x000001D3F65B1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/2320-2892-0x000001D3F66F0000-0x000001D3F66F1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3708-3411-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2937-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2938-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2939-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2940-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2943-0x00007FFF963A0000-0x00007FFF963B0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-3408-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-2944-0x00007FFF963A0000-0x00007FFF963B0000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-3410-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download

                          • memory/3708-3409-0x00007FFF99530000-0x00007FFF99540000-memory.dmp

                            Filesize

                            64KB

                            Download