Analysis Overview
Threat Level: Known bad
The file https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/ was found to be: Known bad.
Malicious Activity Summary
BlackMatter Ransomware
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
Executes dropped EXE
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Checks processor information in registry
Modifies registry class
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-22 22:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-22 22:08
Reported
2024-09-22 22:27
Platform
win10v2004-20240802-en
Max time kernel
1157s
Max time network
731s
Command Line
Signatures
BlackMatter Ransomware
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715165119349779" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
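Reading the tables above by process rather than by signature name changes the picture: only two signatures are raised by the submitted binary itself (the dropped-EXE execution and the read of the NLS\Language key, which is the system-language check the LockBit and BlackMatter families are documented to perform before deciding whether to run). Everything else is attributed to chrome.exe or EXCEL.EXE, i.e. to the analyst's own session in the VM. The sample was launched with no arguments (see the Processes list), and the report records no sample-originated network connections, no encrypted files and no ransom note, so the detonation appears not to have reached the encryption stage; LockBit 3.0 payloads are commonly built to require a `-pass` argument, which would explain that, but this report does not establish it. The script below is an added example for this page, not sandbox output: it takes rows transcribed from the Signatures tables and attributes each one to the sample, to assumed analyst tooling (Chrome, Excel, 7-Zip, Chrome's elevation service), or to anything else, and pulls out the locale probe explicitly.

```python
"""Attribute each sandbox signature to the process that raised it.

Added example for this report page; it is not part of the sandbox's
own output. The rows below are transcribed from the behavioral1
Signatures tables. The list of analyst-driven processes is an
assumption about how the detonation was performed (the sample was
fetched from bazaar.abuse.ch in Chrome, unpacked with 7-Zip, and a
spreadsheet was opened in Excel), not something the report states.
"""
from collections import defaultdict

SAMPLE_SHA256 = "a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db"
SAMPLE_EXE = "C:\\Users\\Admin\\Downloads\\" + SAMPLE_SHA256 + ".exe"
CHROME = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"
EXCEL = "C:\\Program Files\\Microsoft Office\\Root\\Office16\\EXCEL.EXE"

# (signature, process, indicator) as listed in the report; "" where the
# report shows N/A.
SIGNATURE_ROWS = [
    ("Executes dropped EXE", SAMPLE_EXE, ""),
    ("System Location Discovery: System Language Discovery", SAMPLE_EXE,
     "\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language"),
    ("Checks processor information in registry", EXCEL,
     "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\ProcessorNameString"),
    ("Enumerates system info in registry", CHROME,
     "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName"),
    ("Enumerates system info in registry", EXCEL,
     "\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemSKU"),
    ("Modifies data under HKEY_USERS", CHROME,
     "\\REGISTRY\\USER\\S-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry"),
    ("Modifies registry class", CHROME,
     "\\REGISTRY\\USER\\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\\Local Settings"),
    ("Suspicious behavior: AddClipboardFormatListener", EXCEL, ""),
    ("Suspicious behavior: EnumeratesProcesses", CHROME, ""),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", CHROME, ""),
    ("Suspicious use of SetWindowsHookEx", EXCEL, ""),
]

# Assumed analyst tooling in this VM, matched on lower-cased basename.
ANALYST_TOOLING = {"chrome.exe", "excel.exe", "7zg.exe", "elevation_service.exe"}

# Registry key whose read the sandbox labels as a system-language check
# (the locale test LockBit/BlackMatter-family payloads are known to make).
LOCALE_KEY = "\\REGISTRY\\MACHINE\\SYSTEM\\CONTROLSET001\\CONTROL\\NLS\\LANGUAGE"


def basename(path: str) -> str:
    """Last path component, lower-cased, for Windows-style paths."""
    return path.rsplit("\\", 1)[-1].lower()


def origin(process: str, sample_sha256: str = SAMPLE_SHA256) -> str:
    """'sample' for the submitted binary, 'analyst' for known tooling, else 'other'."""
    name = basename(process)
    if name == sample_sha256 + ".exe":
        return "sample"
    if name in ANALYST_TOOLING:
        return "analyst"
    return "other"


def attribute(rows):
    """Map origin -> set of signature names raised by processes of that origin."""
    out = defaultdict(set)
    for sig, proc, _ in rows:
        out[origin(proc)].add(sig)
    return dict(out)


def locale_probes(rows):
    """(process, indicator) pairs that are reads of the NLS\\Language key."""
    return [(proc, ind) for _, proc, ind in rows if ind.upper() == LOCALE_KEY]


if __name__ == "__main__":
    for org, sigs in sorted(attribute(SIGNATURE_ROWS).items()):
        print(org, sorted(sigs))
    print(locale_probes(SIGNATURE_ROWS))
```

Run stand-alone it prints one line per origin; anything that lands in `other` is a process the analyst did not expect in the VM and deserves a look before the verdict is accepted.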
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff82b12cc40,0x7ff82b12cc4c,0x7ff82b12cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1884 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4012 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3788,i,12739324437157414451,4937378179832340182,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap15676:190:7zEvent17927
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\ApproveAdd.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.194.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | csp.withgoogle.com | udp |
| GB | 216.58.212.209:443 | csp.withgoogle.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.201.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roaming.officeapps.live.com | udp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 97.32.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.68.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
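None of the connections in this table need to be the sample's: the bazaar.abuse.ch traffic is the analyst downloading the file, the Google and googleapis hosts are Chrome, roaming.officeapps.live.com is Excel, and the in-addr.arpa lookups and the 224.0.0.251:5353 multicast are reverse DNS and mDNS from the OS. The script below, an added example for this page rather than sandbox output, encodes those assumptions as rules over rows transcribed from the table and returns whatever is left unexplained; on this report that residue is empty, which is consistent with the sample never reaching a network stage. A direct-to-IP connection with no domain (a constructed row using the 203.0.113.0/24 documentation range) is shown as the kind of row that would survive the filter.

```python
"""Separate sample-originated network activity from sandbox and analyst noise.

Added example for this report page, not sandbox output. The rows are a
transcribed subset of the Network table (every distinct kind of row is
represented). The classification rules are assumptions about this
detonation environment: reverse-DNS (PTR) lookups and mDNS are
attributed to the OS or sandbox, Google and Office hostnames to the
analyst's Chrome and Excel sessions, and bazaar.abuse.ch to the analyst
fetching the sample. Anything left over is what the sample itself may
have contacted.
"""

# (country, destination, domain, proto) rows from the report's Network table.
NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "bazaar.abuse.ch", "udp"),
    ("US", "151.101.194.49:443", "bazaar.abuse.ch", "tcp"),
    ("US", "8.8.8.8:53", "www.google.com", "udp"),
    ("GB", "216.58.204.68:443", "www.google.com", "tcp"),
    ("US", "8.8.8.8:53", "217.106.137.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "49.194.101.151.in-addr.arpa", "udp"),
    ("GB", "142.250.200.42:443", "content-autofill.googleapis.com", "tcp"),
    ("GB", "216.58.212.209:443", "csp.withgoogle.com", "tcp"),
    ("GB", "216.58.204.68:443", "www.google.com", "udp"),
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "8.8.8.8:53", "beacons.gcp.gvt2.com", "udp"),
    ("FR", "52.109.68.129:443", "roaming.officeapps.live.com", "tcp"),
]

# Constructed row (documentation range), not from the report: a direct-IP
# connection with no name resolution, the shape a C2 check-in would have.
CONSTRUCTED_DIRECT_IP = ("DE", "203.0.113.5:443", "", "tcp")

# Assumed noise sources for this detonation.
ANALYST_DOWNLOAD = {"bazaar.abuse.ch"}
BROWSER_DOMAINS = ("google.com", "googleapis.com", "withgoogle.com", "gvt2.com")
OFFICE_DOMAINS = ("officeapps.live.com",)


def under(domain: str, suffixes) -> bool:
    """True when domain equals one of the suffixes or is a subdomain of one."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(row) -> str:
    """Label a row; 'unexplained' is the bucket worth investigating."""
    _country, dest, domain, _proto = row
    host, _, port = dest.rpartition(":")
    if domain.endswith(".in-addr.arpa"):
        return "reverse-dns"
    if host == "224.0.0.251" and port == "5353":
        return "mdns"
    if domain in ANALYST_DOWNLOAD:
        return "analyst-download"
    if under(domain, BROWSER_DOMAINS):
        return "browser"
    if under(domain, OFFICE_DOMAINS):
        return "office"
    # Includes connections with an empty domain, i.e. direct-to-IP traffic.
    return "unexplained"


def summarize(rows) -> dict:
    """Count rows per label."""
    counts = {}
    for row in rows:
        label = classify(row)
        counts[label] = counts.get(label, 0) + 1
    return counts


def residual(rows):
    """Rows no rule explains; empty here, which matches the rest of the report."""
    return [row for row in rows if classify(row) == "unexplained"]


if __name__ == "__main__":
    print(summarize(NETWORK_ROWS))
    print("residual:", residual(NETWORK_ROWS))
    print("constructed direct-IP row ->", classify(CONSTRUCTED_DIRECT_IP))
```

The allow-lists are deliberately narrow: a suffix match on `google.com` would not excuse, say, a lookalike domain that merely contains the string, and an empty residual is only meaningful if every rule corresponds to something the analyst actually did in the VM.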
Files
\??\pipe\crashpad_4296_PZBMWRYZTSRFZAST
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 08ec57068db9971e917b9046f90d0e49 |
| SHA1 | 28b80d73a861f88735d89e301fa98f2ae502e94b |
| SHA256 | 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1 |
| SHA512 | b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | b1a0d8e98b1b968de6a2a090ad60f3e6 |
| SHA1 | f36cb43ddaecb1d7862b028f29be3e6244314ee8 |
| SHA256 | a542c0e1dc2cc0a19c544fdca63d9b1ccef0c3246c07f68cdaa535246389a5a0 |
| SHA512 | 270d14589dc5f229f6447a61bdfcd59a4b9244c9411bd2a14044544804a594a3560c8b8431eccf19eb21740a2bb227e0bbc4a3b65d8967e61ff6e9b5142f8a3d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 95a4b4e47ca9b2e15bb8cb038a858207 |
| SHA1 | 668ba569d6b6360cc522e404c214b11d911b7b68 |
| SHA256 | 2d948b14af0ccd318588c4f23c147adbf31b7662710aba1501cd4f67f1eb7265 |
| SHA512 | 4888349d9d5cdd3f51838243f6bc859f1a153f4602b38739134e6b7532ba72022b053ae59a7cec5b6495e3bcdea54c8d763fa7751a8067163cc1c78c53606dbc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6a71d9d944fd7091140d42b4a19ef47 |
| SHA1 | c0f8019a5956d7770ecdbd2b0b8ecf9884c08033 |
| SHA256 | c1508f81aadf125423400603c20d0d347cf453710dbbbd78da90912c4fd24a4d |
| SHA512 | 1118aed60e494798ffd8f58540d7a016a500d017e03169ee440ddbca0db1949422206d24f3937e3d05e9e52606f01ec0a1ea5775d7d94cde3ebdbbb975289f03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3f133c59d71ee25c36fa23b8c6f3c98e |
| SHA1 | cfe051f1b07aee60f524c9997fa72f8dbe44a761 |
| SHA256 | 7a1f76ee62290ac26572d8199d7b474e520e86d3f52e7943c361c63a88246821 |
| SHA512 | 363a4dc6786beb519f724c9c77bf1704731b29fe22c1ca407aae2548f2e4f89b04fffaa3cce5d40996517c9bc0738fb453cb08b6cba392244051b37f0368e1a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2ece29fbaab6d3ee873da6a30839a9a0 |
| SHA1 | c9311ad719fa2a6caaf0fafef169e10856ecd07b |
| SHA256 | 271286f31245f15fad26eacc020fb1746e1e3a1bff5de281cceaea9664ac1e2e |
| SHA512 | c35bb03b74e24b256ab5a62b4d696c0eddb22db5c688be2ab8b6271f201dfd186ae4e4f2144f8b43406d63832480fb048a7c71377c56ebe3717ff388c46f2922 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5626a06b5a6e08cabab642ef5c4bf211 |
| SHA1 | 3d8e97df5e7be178703e2dcafc872f372c6cdc76 |
| SHA256 | 97ab4555ae9450c1428dd8479eb55d16f3761a0541f22496c5bcc04e2ca6a08c |
| SHA512 | 52c2af935e1ccfb2ffbc4f53587ca9a8267000e4dfa786e54940ee4279855138d5d116bb135bef706ee4add631b9084cc6f356f0f7e18a6f16fcb3ce4a6fbca3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 551ca3bd8e119eb9f536b4b508b1a0f4 |
| SHA1 | 69d2f3bbf630deadd1aabceaf30a21a986db031f |
| SHA256 | af3fa29b39750447cb62eb1a14a003834b5cfe94190bc9bbf07640e91a3f6809 |
| SHA512 | 1b03ed8caf6958011030c5ede4958d4632757ba540d151c849173407b7463a5b91f49f72041a7df8bad6dd74ab9980d780ce24636392968f0098f21a50347523 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d258b47bc0008ae5ca7346430a794fe5 |
| SHA1 | 179a8be83a2046c9be9e501239bd369ae5a143a7 |
| SHA256 | 389cde0fe9270ec4037e83b491cec4e85dc6b981d1c0c2f4daa475bb0d85c085 |
| SHA512 | 3c3306ef817a077238befd78b871e33fbaf660b214b4b705dbc6c66c53b9d67b078cba8cc80bdf5e15034a015616627003c71f3719cd83f2f5425ad9bb80e5c2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aaf8776af56d8a84d1124282d21ddf63 |
| SHA1 | ffbde2f2ee56752b1e1740d2235fb79ca1e56025 |
| SHA256 | 1fce15304f62e4b63fa98917888f319d8f25c3141c995c267eef479a550e9f2f |
| SHA512 | efbab46fd466f861a0c5da50185c516990f0a6269fc7f8a08962c96a334548c15fc2a0a5e4adbf73ed5987c7c668387ff250e688e41da0e3723807dfe5f22b82 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35f704f985428d80d61a4ca7240abca4 |
| SHA1 | b9a70b20a2b363bb59427ab434af89d905c2fb56 |
| SHA256 | 715cdd9aa46864570036e608160b4a63632afcc8ba8733061e725d7da0f40774 |
| SHA512 | bdcf21c7c0f7cbd41d8f959b2eb4acb4a3285e70bca89aa59823b6c4f02df71e648898a0b7b589d0136cbf1e5f7d19e015f111fa2eb49eb7a2225ca68f9496ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9201e7dfe9a652e1cc94013c581157d |
| SHA1 | 8d010e0ba6901a24fc42a70980bac089c4527535 |
| SHA256 | fdda176d3204baf0643928fffb1ddb97a5a801590dc6a4dffc44aada2b515463 |
| SHA512 | e13ba4dd605cb1626a5139ae66e9bcb5496cef78135d470020bdf8e7e6ae30b6db1919136fd1646a667e417beec318ff241b8a7f762087336372ff5fbe47adb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 13dfb67dcfff4a169c7d7ad8bb318e7d |
| SHA1 | ab64b94e09eb592688223207f8bde3e5ac93640e |
| SHA256 | bc36f947ff6a3c746e4a4859ec45d35dcc7e66a36850544198abdd1712d26f17 |
| SHA512 | ad66cc7775ed09ec05cb702de9dcfadb86dbed0e0486b458af7d3cc78654326a62f609ef58b90f4259e2329b12dd58f3867129bafebff6048bb92757bf0b3cc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | feed3bf3e8313d741be8d7d69647c979 |
| SHA1 | cf4686173462cda9e09e3495a1ea0ab6ade39c58 |
| SHA256 | 15548df3aedf3070f3b731b69949ec2126ed70b2baf716a44b4ad91efe4074af |
| SHA512 | fa0b61302cf6fa5975434d05c01f50c69b95fbae0902cdb67941a99d68c0fa5aa5299133f24e0d20c637817a43ac6f91d5688e973f0a4288935b1a4f1c69d4f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9ec9c31b9be9c1e63953bb689f1b3fb0 |
| SHA1 | 49d415f62e8eced0d6fcc6297d19b2606b5dbc04 |
| SHA256 | 1158c3a5588613b0107617addb9ff410dc4481b20766d1fff6138d87e7efe7bd |
| SHA512 | 76b8c79dabd72573f950c2d4e1d241cdc35e451dce7eeee9774bf0bbcf99eafe5c950fc877c55448aefab02267755723fe8533fea42e10ad9219a79663e2fbc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2911296375a6a1c2767b57cfee00ae16 |
| SHA1 | bff0c68214527a47e5236954b3dc94dbe570349c |
| SHA256 | 23263a2bd56ca575c61680d29399c91edca6f0b8b2351ee174b244ef5eddb977 |
| SHA512 | 0d9a16b0c221351f4dcac96c61bd45aad3ebfe14e2a917d19b55af8405de1d885cd8e5a3fcdfdbce74c9a54ff3dfbb2aaeb272261cbc7564718fdeeb961e3f18 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3dab6baacfb01bd30ff09f3de7b8db46 |
| SHA1 | 2872a1e84ca102987efcd6827a1c721089ca4454 |
| SHA256 | b9f3accf0f3924c99ef7b9133ae90c50e07a3ddfbdd7afd13329529a85d2fafc |
| SHA512 | d9071a68157da9721f20c7eb7447511b9e2e610b86544d72c082329be51335e735170099ce360c87d8aab06030e6805bc5b4b83f42c61e7cdfc6187686f76683 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a8011c6d293574b56aacda75e22e50e1 |
| SHA1 | d0fbcd4bafdf1aad37980f2ea6266b6afd4ae793 |
| SHA256 | 561f43c713c1a4fd37ee66ba81e5e1f7ff939ae2afc57832f96e0bff3dbe4d51 |
| SHA512 | 5217c9bbe7f2340e68f94d08d7f39de81af0c108b374c08a86e67bd9b790ef2d9f2decaa63a9a2d7db7e5357c18efcb8ec7175f6a1c4548e6d2c97cce918ef33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 7b8ee3b710c773625f43d26696c2961d |
| SHA1 | 52bcd0c60fdbb2c86bfc703476c82ab4909cddf8 |
| SHA256 | 7da4bf679f43232819b4264c911b50fa7afe2b2155a4ef37f5a231c67de1d85b |
| SHA512 | c0d3ca9184fd53a2bc2478ca3cf20ddf60e080e6faebb2d8aa7eea3920ef4d21bb43ed250e9e720c2294fd56064b9fa6ab67dfc5831f7163b81f8e4868567f33 |
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip
| MD5 | b4d3604087f3683ceeefce1af7ed9943 |
| SHA1 | 4670d92cd1ee09869a2a548c59a4ebdfbb8931d5 |
| SHA256 | d7c676e60f2c2256f1886bbfb2d99feca27e5fe25774a65abdc8ccfd59018349 |
| SHA512 | 8bd1b5b3f3a6429074ef206966adcf26c1fd52af0a20b9d949b946c26fed8efd741b590270a871b985c1f6b92e802ab046f3accee0071a2efaf40b2e97bed411 |
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
memory/2812-307-0x00007FF7FA1B0000-0x00007FF7FA1C0000-memory.dmp
memory/2812-309-0x00007FF7FA1B0000-0x00007FF7FA1C0000-memory.dmp
memory/2812-308-0x00007FF7FA1B0000-0x00007FF7FA1C0000-memory.dmp
memory/2812-310-0x00007FF7FA1B0000-0x00007FF7FA1C0000-memory.dmp
memory/2812-311-0x00007FF7FA1B0000-0x00007FF7FA1C0000-memory.dmp
memory/2812-312-0x00007FF7F7A50000-0x00007FF7F7A60000-memory.dmp
memory/2812-313-0x00007FF7F7A50000-0x00007FF7F7A60000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 035f2ac7313e0dd6df12a0a207c56359 |
| SHA1 | 01b512cfb08f4af8537598569cfed5b6216f8a81 |
| SHA256 | cd7e1292a2eb18cec3d7c2e6c4247c14892c2b99322bac3bf4d84383a0c1753c |
| SHA512 | 44642e407967b864895ba6799451d3bc7714f7c1b00ab49ca4d7985bf180ca718f96568eea83c44ae1a2a6e0e3e6cf42a55dc329bba17d0eb72a1efb41408d60 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
| MD5 | 6710afed017be7f578c65a15b84c5215 |
| SHA1 | 429f054a6f2ef54d0d18b82818de56d8db2f9b1c |
| SHA256 | 137890a15835d747e85c60061836782188c8bc9e603efa7d84837bcb058f7c62 |
| SHA512 | 4a92ff4be64c3ddaa5414b2a02702043289b1818ed9774093ad712c8c8a2f3538f2e570f013b7eebd15f37ddc57a7ff97864156cf0264ed3643876949959ab44 |
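Two entries in this list are placeholders rather than content: the crashpad named pipe carries the hash set of zero bytes (MD5 d41d8cd9..., SHA256 e3b0c442...), and Chrome's "SCT Auditing Pending Reports" is the two-byte JSON document `[]`. The remaining Chrome and Office files are the analyst's session state, and the only sample-related entries are the downloaded .zip and the extracted .exe, whose SHA256 equals its file name (MalwareBazaar's naming). The script below is an added example for this page, not sandbox code: it recomputes the placeholder hash sets and checks the name-to-SHA256 relation for the transcribed entries, so a reviewer can spot empty artifacts and mis-named samples in a report mechanically.

```python
"""Sanity checks on the Files section of a sandbox report.

Added example for this page, not sandbox code. Two checks a reviewer
wants before treating a listed file as sample output: (1) whether an
entry's hash set is that of a placeholder (zero bytes, or the two-byte
JSON document "[]" that an empty Chrome pending-reports file holds) and
(2) whether a MalwareBazaar-style download, whose file name is its
SHA256, actually hashes to that name. The reference hash sets below are
transcribed from the report's Files section.
"""
import hashlib
import ntpath

ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_set(data: bytes) -> dict:
    """All four digests the report lists, for the given content."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


# Known placeholder contents, hashed here rather than hard-coded.
PLACEHOLDERS = {
    "zero-byte": hash_set(b""),
    "empty-json-list": hash_set(b"[]"),
}


def classify_entry(entry: dict) -> str:
    """Label a listed hash set; compares only the algorithms the entry carries."""
    if not entry:
        raise ValueError("entry has no digests")
    for label, ref in PLACEHOLDERS.items():
        if all(entry.get(a) == ref[a] for a in entry):
            return label
    return "content"


def name_matches_sha256(path: str, entry: dict) -> bool:
    """True when the file's stem equals its listed SHA256 (MalwareBazaar naming)."""
    stem, _ = ntpath.splitext(ntpath.basename(path))
    return stem.lower() == entry["sha256"].lower()


# Transcribed from the Files section.
PIPE_ENTRY = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
              "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}
SCT_ENTRY = {
    "md5": "d751713988987e9331980363e24189ce",
    "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
    "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
    "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d604"
              "0e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af",
}
SAMPLE_PATH = ("C:\\Users\\Admin\\Downloads\\"
               "a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe")
SAMPLE_ENTRY = {
    "md5": "c2bc344f6dde0573ea9acdfb6698bf4c",
    "sha256": "a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db",
}
ZIP_PATH = ("C:\\Users\\Admin\\Downloads\\"
            "a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip")
ZIP_ENTRY = {"sha256": "d7c676e60f2c2256f1886bbfb2d99feca27e5fe25774a65abdc8ccfd59018349"}

if __name__ == "__main__":
    print("crashpad pipe:", classify_entry(PIPE_ENTRY))
    print("SCT pending reports:", classify_entry(SCT_ENTRY))
    print("sample exe named by its SHA256:", name_matches_sha256(SAMPLE_PATH, SAMPLE_ENTRY))
    print("zip named by its own SHA256:", name_matches_sha256(ZIP_PATH, ZIP_ENTRY))
```

The .zip failing the name check is expected: it is named after the payload it wraps, and its own SHA256 (d7c676e6...) is the hash of the container. A payload whose SHA256 does not match its name is the case to chase, since it means the file on disk is not the one the bazaar page describes.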