Malware Analysis Report

2024-10-16 03:21

Sample ID 240922-1zd8msxhla
Target https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/
Tags
blackmatter lockbit discovery ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/ was found to be: Known bad.

Malicious Activity Summary

blackmatter lockbit discovery ransomware

Rule to detect Lockbit 3.0 ransomware Windows payload

Lockbit

BlackMatter Ransomware

Executes dropped EXE

Drops file in Windows directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Checks processor information in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-22 22:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-22 22:04

Reported

2024-09-22 22:25

Platform

win11-20240802-en

Max time kernel

1162s

Max time network

1164s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/

Signatures

BlackMatter Ransomware

ransomware blackmatter

Lockbit

ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715163082525778" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3132 wrote to memory of 4548 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4548 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 1228 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 2564 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 2564 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3132 wrote to memory of 4380 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab21fcc40,0x7ffab21fcc4c,0x7ffab21fcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1780 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4256 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4704,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5204,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap10348:190:7zEvent11501

C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"

C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SyncMount.xlsx"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | bazaar.abuse.ch | udp
US | 151.101.66.49:443 | bazaar.abuse.ch | tcp
GB | 216.58.204.68:443 | www.google.com | tcp
GB | 216.58.204.68:443 | www.google.com | tcp
US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp
GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp
GB | 216.58.204.68:443 | www.google.com | udp
N/A | 224.0.0.251:5353 | N/A | udp
NL | 52.111.243.29:443 | N/A | tcp
FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp

Files

\??\pipe\crashpad_3132_BDVZTTVRVWRNOKSK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a74c0c16-c9d0-45ad-a5b9-92397cff4a66.tmp

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 08ec57068db9971e917b9046f90d0e49
SHA1 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512 b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 fa8d730a3350e7ce68ff51eceb46583f
SHA1 4ddf17d4092e66480f014fc9d69925df7ad17a6a
SHA256 84d06b49a51e373a87915af1f7e86c5a636f6717d70621baac2990b50d41882c
SHA512 ffd50d90bcd5c79af3851734799436fea56a0155fc2f7edb37129519f1119bb416c914c916e238982a575ec7a96bf5db74d68e62aaeda0b1053168d37d018b7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fa99fd9b-30b9-474a-adf6-06648f99218f.tmp

MD5 e17f3d2b0c99b3e3afab68880bdb06a4
SHA1 d6cc734859ddd4637753cd94eb61ffae4bd84cea
SHA256 f2b5f7f659b36ada0e9c9335648515fceff7fbb2f3598bc3687d18a0a741c62a
SHA512 0453c5dd2fb2fc390903639008f9b49ad585d20aef9deab1efc01644f98610ecbc74a95f00517c6a4aa31e8ff3fa1bf5d9891dd2b22e44e8c2a5135ba5f487b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 83048091921509e5ce7fcaa9bc75bdd4
SHA1 af9088e49eeb88a0065988c8ef38397c33dc7cdf
SHA256 0259ecd4271d3375980fc2dcb0db003a28e0156484b9729e4fc6dda372957de6
SHA512 e0310acb82769fecaccfdb5b2c433be3ceae82ec965be879d6f6c3e7b1e81766d7716acb125f05b0b03f2af822d6116dd87187e88364c2d407c622ab931af996

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0e38d65909d7af5a4dffb52813701724
SHA1 e6bd2d7469767dc36eca363f1e4c90142fd3e84f
SHA256 2bb8f066cf04594f056db69d5fba647d4f1f2fa298a4622260b31e4a65d9d284
SHA512 2467d3a2f92297e703e2f9f1886290f82fb03d42002c2e8a4b02548402d30de9bf9b59ac554704759d3c7141c0995939757d95be2f89a5e3bb097b2103a187d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 26e6250c86ef83ac7f8412105dbc6d57
SHA1 7acfa10497bcceeecfd3ee05c27daf5f746ed8fe
SHA256 b17c2b0e82e31044fcc60d3b104bbaaf3c08a88c032fbc15306042c036a602f2
SHA512 660bcb8b3b78934734a95fdf3af3f19912b5f5acbe9ef4f1427506eb7f9fab935732eff821951a53cd9a0b203330a15af0b02d38a0926ea15d61289a7353ef74

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 49737f02b5cdca6414d7975dd63c4b51
SHA1 c3b8eb38e6e2791f6f6cc059e159de108c72cddd
SHA256 606eadf4d51f72b650ee07b5f731ac5da10205637b557419b648b05fc44632cb
SHA512 88c51b9fa1296b5cd3fd31ee431fe2a7903d2edac42b54f5c00b3e81957c96419a370e7d52eab58f05ed57d28c7a3253ee9ec61110d3f2d9c57cc6fb33e31215

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 35082d15c7b5ebbacf93c4b346cf89b8
SHA1 d71199b25f1c23ffd5fe8b8f25280d5117f96858
SHA256 515209590bebf149500e1d84135df6f38a09292084c3d065abfa7642f5b71011
SHA512 6cb8046a399ede0f6ffc83dd9fc7f704c697b4504a1e7a61e57b0119c1c1653e98bcc2b4942c9f573263b145e69cd517de6973c563c08c337f49ba8041a957d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6d338496f3dd1436275d164804259ec6
SHA1 ecb6b7b6b6ddf4c85b4da1f9de925812b70b7d52
SHA256 e8cea5d5bb5afa5aaf8ed8b39a6ea454e78adec10ff89d8e6c3f4d7db01a6374
SHA512 4194dfdf0e16375ee1c59a1bd60b2bcaa9d7a37df76730dce73cc8aff5d94870b8486696955365b87f041c3b223ef8a0dddce1fec026efd47bb2864d116a971d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2f51777ca00e656e9c316a646a1eb8fb
SHA1 f0db832df84bf227389cd684cc9f5da79dd3a3bf
SHA256 882dccad21870c0ed304d191cef4e314726f4b24538b69ecc77c72b2bdc4f864
SHA512 0fb02941b50a0fce05d1d7a2c402c9faf2f4ce310b4426a4dfc2d51f759d5665c6e10d395bf4c2d778b52bf43e28207f1920299fcbe3fff95fb7f7df88b0c210

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54c0c57e6fd510527461bbb6a9e9bac1
SHA1 7c61e2371f6e5fd742f2a965ce746af7b0c8d4ca
SHA256 e44f55b6f64f654468679150735a020d4f76d148ac1c015b6789135f3104ebaa
SHA512 a8e9bca821c4338ba05332d6b88f23b8b201e2c66117ecc7cfe768c792f04f8b9edc0ef78190d6959358cf244238c0a07d05b595831a614fc8e74a89b3c63f68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b518c5212fb2ade397cdeff6137b394
SHA1 797606f0f533ccc7d8f3ee2124a5b3de5784a865
SHA256 823b2d130f5ac714ddb5569a85312bf80c7e5e6c1fdf9c1efbbe55eb7f4fb95f
SHA512 f5e16fe14b0bcc825ad2b2d680014ecff979081a8f2af2ecd400b9b6e0de207691464adb27d58194a0db2292118b5baf4effca8948c7511d9c2cdcdacd99b180

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 8b9066815f6c7b03ab5abaaa7880063b
SHA1 1208ced354ceff6249da79b08f9f0ec55d0cee4d
SHA256 cdd52c788dac8b9b97a0a72af1394f08fc5fd7e7fe299dc37a77095a3e1995b2
SHA512 d380dba4b9790b068d948a65eb88839e909ad69a662f62c75cf88fa4113bc69e7e33a7a32befd73445615439abaa4ae06d05cd578c163b6825af9826cb4e5844

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0301e5325b4cad86d2ad79ab82ee0999
SHA1 bcaba61dd16dee2c1bcb1597f7fd4de47f59bd92
SHA256 d359fd80406661d0b7bdeb3381c22cb12b08fcb8117be7a795eb70a6e6b5d45b
SHA512 0170f5468e1204d9d24bf6e59571a51ae93f7e09423b446cb029bb9c76814a3328328157bb5ae872c4a5c4313666b963dafb351f0595f97b8e3a14413648a4e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 685d9edca043528477aa66d999113626
SHA1 781ee3c853e45079e5fc0b2755b93c7b76b3e50f
SHA256 be81050befb6f1b4441af757b76ca1eb9ca447b9ffc1ec466eea32bb9c056b6e
SHA512 0d3df0af99bf94e1f0d8fcf17dab146940b2dd402c7c1cd05ca29c62979caba916c051a4fee701492c7f42c646493b101d70132ac2d1b2b26304ecfe86f373ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c77365a1c7c97820554c5c546beec4db
SHA1 423c0f45ba22f0c09a4c7af3538381a68953aa8a
SHA256 22b4781206d84a88622ef0442575d321583de29f18ce2d90e415abf5daba3999
SHA512 5b8034473fb09431c8948881b57ac71937293b693d44fe87981e08ce9ea53660aae3dc733b3a889531a9f0ee8fe5a04617897ec81ffe62ca681345d254db4a2f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6d58b6aada71f83f13420e49d22e16db
SHA1 7ce113527af34a004042f03de6f7b7b9fb53354a
SHA256 4c198bf49176fa8bfd05bc8562d3fc9b1cb9f73222b57e49e42d1566b9727974
SHA512 987d08f1dec7696b88302e9a3e8ac15a99d85a5fe5504c10a43abe9d25056e0b8048c1d64fed561f86a83c1763fc2c1216098ad4e74b9c249f366be119d6cd3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9622cc1f7bc8e8028dd3c874628ac61f
SHA1 5a4a400ba20e5b2879772c03b8dee4bcd1d17065
SHA256 dcd16270549fbd648b9b82a342874348e803cfb8853a46fa9bb2ccc4fd80ab26
SHA512 a83f5cb01951d24fd483b44767f0f63858934de9cd3e17698aa5648b27aecb213990c99c7e2a56b5ae224d7e09b1e4dac62d52b0c05a3b488f271e48feb9cd60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 83bfebaf089cdd9cf16db49db6cb614a
SHA1 bda5f01fee2264d7f9b7445d20474153286094c2
SHA256 140b98e7d6ddb40e3b476cfde6889c74ac0630125f0a0ebca982f3ced7004b70
SHA512 ac55ced7235cfb64412ac91fc5a43f87da7a0ac0c8ac06f017b86ec53725bba00b71a88a9980aa2e8be466ec04b828afd4d2ccaefe5cf0ed836806d75aeb9596

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a682a136c411be9507da5a101d0eb387
SHA1 65a5a1161eac782abcceed79fd8b363c00845783
SHA256 17a03251a49b9a7c3bb6144d66e705c800153b0b85637d2687ae8ff48ad651b6
SHA512 1d6b1af0e814e2f1e496116b85dfa94709bdabfc3bdc9e6a40e52b93e8f96410975f9208b9ba958d048178a38583b7ef63b148a7e71e8277850a587fd3d4aec9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e60037c02c900d9422d578877609d5f8
SHA1 71f272dec545dd2e17c731b6e9c8bd470ca9be52
SHA256 5d159d702e4f36db18c5594d095bca642f8bbac39319adc34d2cc6eb6577f7bf
SHA512 b5eb5f2887f1e507b7bcfa42da5f327d208e07056083d6fa16b08b6f0d5ddac46a401ff8a582fa75fc6d79d87c344ee32c07d9eb6f4fa527da42f46149bf9423

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d70578bd3e0bb113eea0dda5b4f87ad5
SHA1 51e6f6a3464b2245b57af10e0099b133c6cc9c28
SHA256 7c66451b64f550f686b0d42cc78b32afc368cef5b88a4556e906e4cabcfd9cd9
SHA512 2d24235f391cc4d7fa5b7691048e12b704ed9af1b667b87d46cb724273f41aea310e049a4052cd0df20c6743c1840bc624d2fd35ae816479c01c2f84f6641a7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 266f591aaa0d351fb0b2ee5db867ec71
SHA1 e2139d94b999b9aad1de3cb348d0d4656b730f9f
SHA256 a581b8ef43aa6ca8a0a3621dc9256f4f5ab7891a33b6aa9f420962481d91fe03
SHA512 45fc7bbf2932efee83357c374b6a159467ba7906fde18652f16592c6f06a6007c89fc04c6c293695dfbb536e6a4dd08c784bef0ead587b773ac96f282fa6da1a

C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip

MD5 84ea607d2726ab583b1cd0b075e5a76b
SHA1 fc115a9fb0a0fc6b67c9e69446ba3219c7331ed5
SHA256 7b137e7933f2aed1c78294b7f756ef5f9a3c12d202ae22c5694f95ab6d4fa28a
SHA512 e6cb67d8992b7f200fdd69b0d90e614194072c5d095f37053625941aef6c3b6c4945f964990a62cc2fd76120d0c07282f73e9f6d9e08f6b5c5b6c8a9d4bba1f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 66b49ce40785212d9644aa9a19336be9
SHA1 716ab2ff2c882041d13d91c4786577fd87b6dff8
SHA256 22358de5b97901a4bc7a2fb7075fce717a68dd2127c2136215167d33bd1c0905
SHA512 c2044f48fe8f59d053605cb6e0599ef76dfe59faf87d8e114179f8bcef5d36197cf8fe92523e8813b270e37bdeaa08d7b2cdcdbe4c4c85077d722ff89c6dd628

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 453200d7f006d0b0cd9b7c0b5f74de27
SHA1 cd22851b806a0743f0d27bb74f5a1e12643ba164
SHA256 cbb6e0dc2037b482c8404bd6ca22a3c9115d91b0660487f3bafb39194b36d3e3
SHA512 c0931c842cc67b9cb36b4e64339d794268e1f806648439d99d78b2a18f4f7a459e27b7aa4f3ddd72732832177351c2e1d8611f31774d64b1fe948653e41d74e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a87eee38ef2965fd292f67e572527e63
SHA1 3e783cecc30927f80822e0251f05ed908de3ca36
SHA256 b72fd0c4e2480c947ccad6337e37bc9e0d3500c28291ea20fc6917e9d0aac2b9
SHA512 d38b245f9fb1ef7092d03698b5d0e3783629a05d063a3c3e950af6d91132dad6b088117cfd53fb0ec822156bdf836d1101467bfb64827ff46d7b4a31c0d2a73c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 62d2f7575838480251e65fe530410bb7
SHA1 04319e900efceceb4bfcf91c89a264e2394dc445
SHA256 be2c9824518f6c036fced797cb911f0598eea12e2a7c0fdd7dd9ea18242f7363
SHA512 8de6f7e5eb985a835bf0b5ece66d6c4bcbe403ea14af70f8064b84514f57c95c32c93256d227d44b6dcd83d2cf7fa72f42a52dcb569986a2d45965e292a99773

C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

MD5 c2bc344f6dde0573ea9acdfb6698bf4c
SHA1 d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
SHA256 a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
SHA512 d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

memory/2980-406-0x00007FFA81530000-0x00007FFA81540000-memory.dmp

memory/2980-409-0x00007FFA81530000-0x00007FFA81540000-memory.dmp

memory/2980-410-0x00007FFA81530000-0x00007FFA81540000-memory.dmp

memory/2980-408-0x00007FFA81530000-0x00007FFA81540000-memory.dmp

memory/2980-407-0x00007FFA81530000-0x00007FFA81540000-memory.dmp

memory/2980-411-0x00007FFA7F040000-0x00007FFA7F050000-memory.dmp

memory/2980-412-0x00007FFA7F040000-0x00007FFA7F050000-memory.dmp