Analysis Overview
Threat Level: Known bad
The file https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/ was found to be: Known bad.
Malicious Activity Summary
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
BlackMatter Ransomware
Executes dropped EXE
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-22 22:04
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-22 22:04
Reported: 2024-09-22 22:25
Platform: win11-20240802-en
Max time kernel: 1162s
Max time network: 1164s
Command Line
Signatures
BlackMatter Ransomware
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715163082525778" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab21fcc40,0x7ffab21fcc4c,0x7ffab21fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1780 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2144 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3368 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4692 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3340,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4520 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4704,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5204,i,9855777207302212480,8700229855397077467,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5220 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap10348:190:7zEvent11501
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SyncMount.xlsx"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.66.49:443 | bazaar.abuse.ch | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 52.111.243.29:443 | N/A | tcp |
| FR | 52.109.68.129:443 | roaming.officeapps.live.com | tcp |
Files
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |