blackmatter | hxxps://bazaar[.]abuse[.]ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/

Analysis

max time kernel
2665s
max time network
2587s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22-09-2024 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/

Score

10^/10

blackmatter lockbit discovery ransomware

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

BlackMatter Ransomware
BlackMatter ransomware group claims to be Darkside and REvil succesor.
ransomware blackmatter
Lockbit
Ransomware family with multiple variants released since late 2019.
ransomware lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000200000002aa78-352.dat	family_lockbit

Executes dropped EXE 1 IoCs

pid	Process
4492	a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715178012839048"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2436	WINWORD.EXE
2436	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeCreatePagefilePrivilege	2152	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
4976	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE
2436	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 4184	2152	chrome.exe	78
PID 2152 wrote to memory of 4184	2152	chrome.exe	78
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 1508	2152	chrome.exe	79
PID 2152 wrote to memory of 4288	2152	chrome.exe	80
PID 2152 wrote to memory of 4288	2152	chrome.exe	80
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81
PID 2152 wrote to memory of 2828	2152	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffd995fcc40,0x7ffd995fcc4c,0x7ffd995fcc58
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1076,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:1364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3180

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18164:190:7zEvent32303
1⤵
- Suspicious use of FindShellTrayWindow
PID:4976

C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4492

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\BlockSkip.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a2dda0495341944450f3957710692ea1

SHA1
67245d3ce254f3f6a0a89e441be006b94b5b7888

SHA256
67df23df91a424bf097b44a3207f59efeb6aa63849467d8cd74f8caa3ae72f77

SHA512
1132f887519ae3528eec631cfc17eaa20343346dbeb6781d8b32cac865607912d6abdbf79ee024013edb140be92e4af306e74481e3566b092baeba83ac9786b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
616b0a687ae862fe151e452e8aa3a922

SHA1
04fcc8aca3ed12d226a965609acc5d2ed3a50896

SHA256
8ceb73dbc9064d36a4fa683909bacb6e5fd13d2396d23b29a1b65780a3a4d4e0

SHA512
2a1d4ccff53a9a7c330f54f92a9a2e7fe68f8b432bd678a198535a338464b2a55a4d653767559f8f30aa0b342597cc705f737889e75cd20f233879b57e66fced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
cb287a953326ddecdad688b3e4856830

SHA1
c16a6905653ae3c3c4cadbbc1090de2b3621948d

SHA256
829a52eb5bd9680dee0911056a155d5c305365d6b6b484304455652bfbce79e7

SHA512
44f2f8b0bd32343c90b8f6949c84d2c5603bf9d246b5db18b0cc83861b3f129316774a34df02acadfc76594451db3bae8727487d79491e5828c28bc392267502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5068da211934209771f0b48df5a08981

SHA1
03187eab26c2ffc29eeeed450f910a803e6d6d16

SHA256
7f0ad694a0f3c6b5693c01efb42b88cf96173644f9ce1327eb8cc1da4f1f0441

SHA512
95c488d73a24fd471bc843d66e29a4fead3a0bb896599e182430bf19a0cc947caa5aff6d04f28bfecd0f3a11d8cc7916dceef5084d2dd247ed16a0f43b822835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
9311b1f71f16519178a42987bbd307a5

SHA1
823f385c6c59d67b96bd11049201690ebfad23fc

SHA256
bebd5b392564c2b7af6c2f4f65dbe8adb9d315f5e5a659e40fd6173ce406f8ed

SHA512
a198a274651c275ac8c28c715075d2bf932c8e9e01ef6cdc5abbb386277d99754ce35f8b09648406bf54765e0d1c80ffd0388a548cd5f978258efc19b3507e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
645352e1dc4606d1874586b497d9e8a0

SHA1
57579b052c7ddbfa142f0fe51366571ab959004f

SHA256
2a05d89c1a1ae88c96098d7064442e25ddf1adbd1ffe418ca7a9066e41814c74

SHA512
382d62e619b97698bd66093913e00ff02daa6e56a3fdcf6651b48b709f323c0fa2e76c02f48c60656b16222d0c4be22d1c434979dbe1ca2bd4057d6d59ddc5e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d3335c3ba1c78775b10b2f18ca7f22eb

SHA1
9dd929ff70dc7229cd2633ee3644888da091b4de

SHA256
a6679f2f053111ceae94c3d3b37cc6b84c4fc9c8aa2b08c0d660874decaf064e

SHA512
abe2b7ab5d206b6d1cdb712c1dd57afeee2e4e35e31d2e7c2278bb34b9bd3524741518efd9e987af234587d0a24698dcd6c8c09be23521f9c9415f2343ebd7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
09e2ee58eb41817ca6700c28bd7357e4

SHA1
3cf0c089bdc9296e3245c7b71fe606b78a082c5a

SHA256
b10807be40dcc1aa106591617c1ac5808f343dbaf6361f25fe4fb9b6051fc8f2

SHA512
52a4ccc1089355053dce172c4edbe480e8bdb0ceaf0aebb4211e58dc0784fd1f7c42009c3b458c99f17572dcd636894319a58daec5eb6072582d64890b8f7adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
43dbb0dfad0cf7e5b577b9bddea0ec76

SHA1
287c3ca73a877fb0f0d05f54bd7c7130276be996

SHA256
c9540dbe33e54591a468b052e4f1d2f6cbfbe9f19c5d18d40fcbc0e182d7b0ea

SHA512
17a8d27c590ef7d908ced64294d25f8ad4530734c680076dc315465e8ab5973bb8cf1b5da70dae86adcf97c81372414f48a87441b30fd45134df69d848a9443e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6c8d090715d14ed2f52d15a8bb79ff0

SHA1
f6e4e1a5ea9c2342dde2ebf1c6af35ff91293f61

SHA256
c2dca86c9703081a3a3745ec0fb6613ce4619ad6586031eed89929be35013822

SHA512
12971b4b4deec3268245195fa7d12f348b34231ffa512664994fd79a13291f62b31970280b555988f4a74c333c4868f75d01a5c363b517106cc465fede5b5cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e844fa74aa36c0f8072b239dbefa25e

SHA1
93fcacbc1b7088acc27c2d221a12ecdb0a441a30

SHA256
382aca9b1be5c8278f8031f8644dff73be621f6af752a27ddb9387dfb3f9e8c8

SHA512
be69973c32f843231d129c9ed3e40663d42bfa7768ac49662d613c197bdc47b208194803b95c1ac971ea4428a9b6db1e72ecf9240fb2b490fd05970f60643abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
477e302dc5026fe21b58a3ba6f7a7b06

SHA1
e040700df7b1ca4a612326a962c20d5f76c1d010

SHA256
afc55c4d4ff4d0ed374a82ab0e8fc53dcce23d4b6b227d3027232d74c4f5205e

SHA512
db192496bccf8e02ab10454d232a21126caf2f3bc9c0638623306642deac531af342b8ab1bb68e689d908d405bb28709db840707c7e2270e059b19ea3edb8efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b38c8e11d0c8624effdcb640210b33b0

SHA1
02971e68bfce77ed72716fc05b23cf70a3074d10

SHA256
b49cc16420d78bd96b086285c9061cc9c3bc9025ae384673c30188fc69250b26

SHA512
1ba8937a57a3538930b6b1537c6f1b8f219566c7812d2757be30741016ceeeb6b7ea224e383d3af6bed84b15f7d776592b720967f5d25786823c0d1eb0107c1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b2ec87b35df9733902c91e96b735a45

SHA1
fde807ef54940d528e523c8323bf60acc0d32058

SHA256
6b1f3c77cd3b7e0360a7b7147b86b480143cdc83991d7a796ad94353b8f2ec9d

SHA512
8cee1c83f2be14a63510bc13ff1da3dc82052206c484a6c2f16e9c86f5da54c27b7a3e4852632ea0485f8883166ddf7e9c8b014d23c37029180780830fe6a64d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a7cfef43d1195a4aa5be0246a2f7ffa

SHA1
1051f6d792d55748a4c4120bbc813284c25ba082

SHA256
c687a77650362ce0217de7af88c943f5da49ed34c166b3bc302346852b2a7679

SHA512
74b27f7ea41d0e206bea538029e338c4dc8129e828e72856059d767ffdd4f47873ba1653424e479b7835cdbef88e92f6193572d2cfad656f4a95031256077417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7d6efe443d7bfd404b763376b782226a

SHA1
37d24bdc34a59d14abe52ce88771edae4b7edad3

SHA256
c3a2a37e05e10b3bc4243b4bd3fed1365c46fa343a38f49c5a839b7a97779cbd

SHA512
7fdc58e9cf74d18ee792f5f64592f6904c1fa37930a730404dee612fe81be1aec3f3f942223259f15721c6711c818acf13a19e0d3703726c91de8a441533951b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee0555e2054ee0f5f0323562956b7d35

SHA1
25cdaec7c0cc02809a1a308d3e2cc79feb947d7a

SHA256
fc20e378e774573a2e737298676743ddc8426f2de6f16b428591546b2eab06a6

SHA512
4434c59018b95ffa272d00eccd9b02e409faaa637c11f7b49b620655f239058334ebcfa1ae7bd4144fade5ed9d152a771cae9aae0f7f74f22b5df8a07136f45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
495f4bf7b4dffa2855b9a82827701758

SHA1
db776f6899d94547dc8b8926c0bfb5b143bad7a8

SHA256
03de75eae96f9c7b1bc7c784903ee2ae5113b259dfde13ed571f704d33a8d2fd

SHA512
9907ac74c8a40cd5c3984685e313a2e999d7addd1c85dceb6bb31754e48b3709285cace50a27136bf600c05f23d9cb92a5637c6ed8e3e528384c94c899864d94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
5730cc3199b610a4a7b9bc07d470853b

SHA1
e165637fda76c58b39f51be512e09301dcf731d1

SHA256
444d856648948a7d72ea7e754f98a4e5a6a504cb57b7e78c77f073d6be8a5fae

SHA512
0230dee07870c44d912214998c2c3ab7537c95706414b2ffbdfec8fb3c2d7cd9cd6977e8e3107a14d841670ceb28f79ca4106b023da354a626d350bf2534fcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e000b21835aadeae63d3e43e94a4fbf5

SHA1
73d97a230664d665e6eca8b349f5e9e0f73ffb57

SHA256
67fb370644ae75d44cba1c018e7a2a9062b9d6de5a0e79ede064e6883c41ca27

SHA512
3c283a9a4dd69f0bbe5ccf2e499d38a49d5b238ab04ad0ffba5ac7b1d8a0c49bb92a1f5a9ef9b5a7cdce84cab5c13e929bc10a543e77f3208e12bd614f04a86f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6130a81436acec41119e4a7836c68b51

SHA1
02768715b3bbd1162d290137f837857987ba7792

SHA256
12a67041d52b38d55374653d97a047c17b8d9758f5363edaa3382fd8e28a523c

SHA512
cc1eba566ad165daa66d637421d5a0bfdac44c0d83512e847971e973edc8368142a9da46f3e658c56ee43d629cdca9aacbfd908260fc6558c21129635f3c1581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a3187d0753c2526594cd0ebcdc1c0161

SHA1
9fd6366ebf9abcfd100cc5d8466c89eef65e32f3

SHA256
c17ee776f1154ed510c601f84b5afd89bd8412584409f693d35776ca90e8fcda

SHA512
e60624be033b577a595f2da91efcc258ba09bc70417c8ee1791afb9135c1072c287683209366d3aef2166a12f28c41ff5f54341670b20cc6f2fd6a187c575e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD2B38.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
382B

MD5
6a499773e926fb2cb59daca86d6491c0

SHA1
cc85fe43d6e287ba18d96b516b8ca696ba3e9258

SHA256
6ae4b40eb0290aab4fdb30f403b5f9e9377d430612bcee9774c172ed8c80f70f

SHA512
64f3f5741c090886a6bf6a87c8b6dec957e189ec567d092a22e8ea9c07b7d8b46a51835a775e7722a6c1ae1fa0d2cceece6bf18b3dad675bb8d98fc021cb9858

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
de0d0f2df543e8550786b2d297737a63

SHA1
478c57d3f3df6cbee1b65726e323a023957d1c02

SHA256
7dfd11ee3da8eed71b0fd9efb64da584f7468feac1e7799045b56768e62f2c31

SHA512
0e73abe034fac42d8e497af135fe8f16cc0a0d1afa9977b5f4b83e722cde97a71546252e3f29b5416e15a2b78e7e95ec373ff7dc824271be3538ac62dc186430

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
3c725e91c8a4a62ecf407f75f3941069

SHA1
fe3bef1063e35b4b6af1c4eccdb72565ab50d5f7

SHA256
c58bef2ff41b1338c3766cf4ac569710a7ae3cf434cc975878d316f7bb9dc42b

SHA512
c716ffd09804376bf839a4393f8fd4f8c40a3e99496eba74e031fb01d0f7e2b5835e954ca17f7089ecca8220139ab7266bf55f29150f2f9e58435258e9fc1425

Download Submit
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe

Filesize
469KB

MD5
c2bc344f6dde0573ea9acdfb6698bf4c

SHA1
d6ae7dc2462c8c35c4a074b0a62f07cfef873c77

SHA256
a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

SHA512
d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0

Download Submit
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip

Filesize
273KB

MD5
b573152564243a0de592b62bd7ad3bfc

SHA1
d9271ea33e4807473e9db61e65fdf937f0051d24

SHA256
3abb6cf940e005b30b419aa23085b2f9ab46fab8d08757c85c808387ad3c651d

SHA512
c52c95b34d584f79e742fba77ceff9f476b63a3a0c57d8e3773be864b8f817d5d66a17b2222cf4aee5538ae04fa770890e9ff0ef716d85b13025ccda0496eb9d

Download Submit
memory/2436-357-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp

Filesize
64KB

Download
memory/2436-356-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp

Filesize
64KB

Download
memory/2436-359-0x00007FFD65F20000-0x00007FFD65F30000-memory.dmp

Filesize
64KB

Download
memory/2436-360-0x00007FFD65F20000-0x00007FFD65F30000-memory.dmp

Filesize
64KB

Download
memory/2436-358-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp

Filesize
64KB

Download
memory/2436-355-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp

Filesize
64KB

Download
memory/2436-354-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp

Filesize
64KB

Download