Analysis Overview
Threat Level: Known bad
The submitted URL https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/ (a MalwareBazaar sample page; the sandbox downloaded the archive, extracted it with 7-Zip and ran the contained executable) was found to be: Known bad.
Malicious Activity Summary
BlackMatter Ransomware
Rule to detect Lockbit 3.0 ransomware Windows payload
Lockbit
Executes dropped EXE
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-22 22:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-22 22:29
Reported
2024-09-22 23:14
Platform
win11-20240802-en
Max time kernel
2665s
Max time network
2587s
Command Line
Signatures
BlackMatter Ransomware
Lockbit
Rule to detect Lockbit 3.0 ransomware Windows payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133715178012839048" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffd995fcc40,0x7ffd995fcc4c,0x7ffd995fcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1076,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1740 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4388,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5036,i,14513969549054872466,10968754841445676078,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3244 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18164:190:7zEvent32303
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\BlockSkip.docx" /o ""
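Most signature hits in the tables above come from chrome.exe (used to fetch the sample) and WINWORD.EXE (the document the sandbox opened), not from the sample; only "Executes dropped EXE" and the NLS\Language read are attributed to the submitted executable. The following Python, added here as an illustration and not part of the report or of any sandbox tooling, re-derives that split from rows copied from the Signatures tables and classifies the command lines from the Processes section. The treatment of every non-sample process as environment noise, the abridged command lines and the helper names are assumptions made for the example.

```python
"""Separate what the sample did from what the sandbox environment did.

Added example, not part of the original report. HITS and PROCESSES are
copied (PROCESSES abridged) from the Signatures and Processes sections;
the rule that a hit from any process other than the submitted sample is
environment noise is an assumption made here for triage.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE = (r"C:\Users\Admin\Downloads"
          r"\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe")
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
WINWORD = r"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"

# (signature, description, indicator, process); tables with no rows are omitted.
HITS = [
    ("Executes dropped EXE", "N/A", "N/A", SAMPLE),
    ("Drops file in Windows directory", "File opened for modification",
     r"C:\Windows\SystemTemp", CHROME),
    ("System Location Discovery: System Language Discovery", "Key opened",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", SAMPLE),
    ("Checks processor information in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString", WINWORD),
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName", CHROME),
    ("Modifies data under HKEY_USERS", "Set value (int)",
     r"\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast", CHROME),
    ("Suspicious behavior: AddClipboardFormatListener", "N/A", "N/A", WINWORD),
    ("Suspicious behavior: EnumeratesProcesses", "N/A", "N/A", CHROME),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", "N/A", "N/A", CHROME),
    ("Suspicious use of SendNotifyMessage", "N/A", "N/A", CHROME),
    ("Suspicious use of SetWindowsHookEx", "N/A", "N/A", WINWORD),
]

# Command lines from the Processes section, shortened to the flags that matter.
PROCESSES = [
    '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --disable-background-networking '
    '--single-argument https://bazaar.abuse.ch/sample/a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db/',
    '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=crashpad-handler '
    '"--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data" /prefetch:4',
    '"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --type=utility '
    '--utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none',
    '"C:\\Program Files\\7-Zip\\7zG.exe" x -o"C:\\Users\\Admin\\Downloads\\" -an -ai#7zMap18164:190:7zEvent32303',
    '"%s"' % SAMPLE,
]


def signatures_by_process(hits):
    """Map each process image name to the sorted list of signatures it triggered."""
    out = defaultdict(set)
    for sig, _desc, _ind, proc in hits:
        out[ntpath.basename(proc).lower()].add(sig)
    return {name: sorted(sigs) for name, sigs in out.items()}


def split_hits(hits, sample=SAMPLE):
    """Return (sample_sigs, environment_sigs).

    A signature counts as the sample's if at least one of its hits came
    from the submitted file; everything else is noise from the browser,
    7-Zip or the Office document the sandbox opened.
    """
    sample_sigs, other_sigs = set(), set()
    for sig, _desc, _ind, proc in hits:
        target = sample_sigs if proc.lower() == sample.lower() else other_sigs
        target.add(sig)
    return sorted(sample_sigs), sorted(other_sigs - sample_sigs)


def is_locale_check(indicator):
    """True for the registry key the sandbox tags as System Language Discovery.

    The hit is only a key open, so this recognises the path and nothing more;
    reading NLS\\Language early is consistent with the locale gate this
    ransomware family is known for, but the report does not show the branch.
    """
    return indicator.upper().endswith(r"\CONTROL\NLS\LANGUAGE")


_TYPE = re.compile(r"--type=(\S+)")
_SUBTYPE = re.compile(r"--utility-sub-type=(\S+)")
_IMAGE = re.compile(r'^"?([^"]+?\.exe)"?', re.IGNORECASE)


def process_role(cmdline):
    """Classify one process line.

    Returns ('chrome', role) for Chrome and its helpers (role from --type and,
    for utility processes, the Mojo service), ('sample', 'payload') for the
    submitted file, and (image name, 'other') for anything else.
    """
    image = _IMAGE.match(cmdline).group(1)
    if image.lower() == SAMPLE.lower():
        return ("sample", "payload")
    if ntpath.basename(image).lower() != "chrome.exe":
        return (ntpath.basename(image).lower(), "other")
    type_match = _TYPE.search(cmdline)
    if not type_match:
        return ("chrome", "browser")  # the parent, launched with the URL
    role = type_match.group(1)
    sub = _SUBTYPE.search(cmdline)
    return ("chrome", "%s:%s" % (role, sub.group(1)) if sub else role)


if __name__ == "__main__":
    sample_sigs, env_sigs = split_hits(HITS)
    print("sample:", sample_sigs)
    print("environment only:", env_sigs)
    for line in PROCESSES:
        print(process_role(line))
```

Run stand-alone it prints the two signature lists and one role per process line; the point is that the locale check is the only discovery behaviour the sample itself showed before the kernel time limit, and everything under SetWindowsHookEx, SendNotifyMessage and the BIOS/CPU registry reads belongs to Word and Chrome.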
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.194.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.194.49:443 | bazaar.abuse.ch | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 234.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 172.217.16.234:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| BR | 34.95.145.254:443 | e2c22.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 142.250.180.10:443 | content-autofill.googleapis.com | udp |
| GB | 52.109.32.7:443 | roaming.officeapps.live.com | tcp |
| GB | 92.123.26.202:443 | metadata.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
| GB | 92.123.142.59:443 | binaries.templates.cdn.office.net | tcp |
Files
\??\pipe\crashpad_2152_RWOJCAYOORYPHKHW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
| MD5 | 08ec57068db9971e917b9046f90d0e49 |
| SHA1 | 28b80d73a861f88735d89e301fa98f2ae502e94b |
| SHA256 | 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1 |
| SHA512 | b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | a2dda0495341944450f3957710692ea1 |
| SHA1 | 67245d3ce254f3f6a0a89e441be006b94b5b7888 |
| SHA256 | 67df23df91a424bf097b44a3207f59efeb6aa63849467d8cd74f8caa3ae72f77 |
| SHA512 | 1132f887519ae3528eec631cfc17eaa20343346dbeb6781d8b32cac865607912d6abdbf79ee024013edb140be92e4af306e74481e3566b092baeba83ac9786b5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 5730cc3199b610a4a7b9bc07d470853b |
| SHA1 | e165637fda76c58b39f51be512e09301dcf731d1 |
| SHA256 | 444d856648948a7d72ea7e754f98a4e5a6a504cb57b7e78c77f073d6be8a5fae |
| SHA512 | 0230dee07870c44d912214998c2c3ab7537c95706414b2ffbdfec8fb3c2d7cd9cd6977e8e3107a14d841670ceb28f79ca4106b023da354a626d350bf2534fcba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0b2ec87b35df9733902c91e96b735a45 |
| SHA1 | fde807ef54940d528e523c8323bf60acc0d32058 |
| SHA256 | 6b1f3c77cd3b7e0360a7b7147b86b480143cdc83991d7a796ad94353b8f2ec9d |
| SHA512 | 8cee1c83f2be14a63510bc13ff1da3dc82052206c484a6c2f16e9c86f5da54c27b7a3e4852632ea0485f8883166ddf7e9c8b014d23c37029180780830fe6a64d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 09e2ee58eb41817ca6700c28bd7357e4 |
| SHA1 | 3cf0c089bdc9296e3245c7b71fe606b78a082c5a |
| SHA256 | b10807be40dcc1aa106591617c1ac5808f343dbaf6361f25fe4fb9b6051fc8f2 |
| SHA512 | 52a4ccc1089355053dce172c4edbe480e8bdb0ceaf0aebb4211e58dc0784fd1f7c42009c3b458c99f17572dcd636894319a58daec5eb6072582d64890b8f7adf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7d6efe443d7bfd404b763376b782226a |
| SHA1 | 37d24bdc34a59d14abe52ce88771edae4b7edad3 |
| SHA256 | c3a2a37e05e10b3bc4243b4bd3fed1365c46fa343a38f49c5a839b7a97779cbd |
| SHA512 | 7fdc58e9cf74d18ee792f5f64592f6904c1fa37930a730404dee612fe81be1aec3f3f942223259f15721c6711c818acf13a19e0d3703726c91de8a441533951b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9311b1f71f16519178a42987bbd307a5 |
| SHA1 | 823f385c6c59d67b96bd11049201690ebfad23fc |
| SHA256 | bebd5b392564c2b7af6c2f4f65dbe8adb9d315f5e5a659e40fd6173ce406f8ed |
| SHA512 | a198a274651c275ac8c28c715075d2bf932c8e9e01ef6cdc5abbb386277d99754ce35f8b09648406bf54765e0d1c80ffd0388a548cd5f978258efc19b3507e60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | e000b21835aadeae63d3e43e94a4fbf5 |
| SHA1 | 73d97a230664d665e6eca8b349f5e9e0f73ffb57 |
| SHA256 | 67fb370644ae75d44cba1c018e7a2a9062b9d6de5a0e79ede064e6883c41ca27 |
| SHA512 | 3c283a9a4dd69f0bbe5ccf2e499d38a49d5b238ab04ad0ffba5ac7b1d8a0c49bb92a1f5a9ef9b5a7cdce84cab5c13e929bc10a543e77f3208e12bd614f04a86f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e6c8d090715d14ed2f52d15a8bb79ff0 |
| SHA1 | f6e4e1a5ea9c2342dde2ebf1c6af35ff91293f61 |
| SHA256 | c2dca86c9703081a3a3745ec0fb6613ce4619ad6586031eed89929be35013822 |
| SHA512 | 12971b4b4deec3268245195fa7d12f348b34231ffa512664994fd79a13291f62b31970280b555988f4a74c333c4868f75d01a5c363b517106cc465fede5b5cfe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5068da211934209771f0b48df5a08981 |
| SHA1 | 03187eab26c2ffc29eeeed450f910a803e6d6d16 |
| SHA256 | 7f0ad694a0f3c6b5693c01efb42b88cf96173644f9ce1327eb8cc1da4f1f0441 |
| SHA512 | 95c488d73a24fd471bc843d66e29a4fead3a0bb896599e182430bf19a0cc947caa5aff6d04f28bfecd0f3a11d8cc7916dceef5084d2dd247ed16a0f43b822835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b38c8e11d0c8624effdcb640210b33b0 |
| SHA1 | 02971e68bfce77ed72716fc05b23cf70a3074d10 |
| SHA256 | b49cc16420d78bd96b086285c9061cc9c3bc9025ae384673c30188fc69250b26 |
| SHA512 | 1ba8937a57a3538930b6b1537c6f1b8f219566c7812d2757be30741016ceeeb6b7ea224e383d3af6bed84b15f7d776592b720967f5d25786823c0d1eb0107c1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e844fa74aa36c0f8072b239dbefa25e |
| SHA1 | 93fcacbc1b7088acc27c2d221a12ecdb0a441a30 |
| SHA256 | 382aca9b1be5c8278f8031f8644dff73be621f6af752a27ddb9387dfb3f9e8c8 |
| SHA512 | be69973c32f843231d129c9ed3e40663d42bfa7768ac49662d613c197bdc47b208194803b95c1ac971ea4428a9b6db1e72ecf9240fb2b490fd05970f60643abc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 645352e1dc4606d1874586b497d9e8a0 |
| SHA1 | 57579b052c7ddbfa142f0fe51366571ab959004f |
| SHA256 | 2a05d89c1a1ae88c96098d7064442e25ddf1adbd1ffe418ca7a9066e41814c74 |
| SHA512 | 382d62e619b97698bd66093913e00ff02daa6e56a3fdcf6651b48b709f323c0fa2e76c02f48c60656b16222d0c4be22d1c434979dbe1ca2bd4057d6d59ddc5e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a7cfef43d1195a4aa5be0246a2f7ffa |
| SHA1 | 1051f6d792d55748a4c4120bbc813284c25ba082 |
| SHA256 | c687a77650362ce0217de7af88c943f5da49ed34c166b3bc302346852b2a7679 |
| SHA512 | 74b27f7ea41d0e206bea538029e338c4dc8129e828e72856059d767ffdd4f47873ba1653424e479b7835cdbef88e92f6193572d2cfad656f4a95031256077417 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cb287a953326ddecdad688b3e4856830 |
| SHA1 | c16a6905653ae3c3c4cadbbc1090de2b3621948d |
| SHA256 | 829a52eb5bd9680dee0911056a155d5c305365d6b6b484304455652bfbce79e7 |
| SHA512 | 44f2f8b0bd32343c90b8f6949c84d2c5603bf9d246b5db18b0cc83861b3f129316774a34df02acadfc76594451db3bae8727487d79491e5828c28bc392267502 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ee0555e2054ee0f5f0323562956b7d35 |
| SHA1 | 25cdaec7c0cc02809a1a308d3e2cc79feb947d7a |
| SHA256 | fc20e378e774573a2e737298676743ddc8426f2de6f16b428591546b2eab06a6 |
| SHA512 | 4434c59018b95ffa272d00eccd9b02e409faaa637c11f7b49b620655f239058334ebcfa1ae7bd4144fade5ed9d152a771cae9aae0f7f74f22b5df8a07136f45d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 477e302dc5026fe21b58a3ba6f7a7b06 |
| SHA1 | e040700df7b1ca4a612326a962c20d5f76c1d010 |
| SHA256 | afc55c4d4ff4d0ed374a82ab0e8fc53dcce23d4b6b227d3027232d74c4f5205e |
| SHA512 | db192496bccf8e02ab10454d232a21126caf2f3bc9c0638623306642deac531af342b8ab1bb68e689d908d405bb28709db840707c7e2270e059b19ea3edb8efe |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 43dbb0dfad0cf7e5b577b9bddea0ec76 |
| SHA1 | 287c3ca73a877fb0f0d05f54bd7c7130276be996 |
| SHA256 | c9540dbe33e54591a468b052e4f1d2f6cbfbe9f19c5d18d40fcbc0e182d7b0ea |
| SHA512 | 17a8d27c590ef7d908ced64294d25f8ad4530734c680076dc315465e8ab5973bb8cf1b5da70dae86adcf97c81372414f48a87441b30fd45134df69d848a9443e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6130a81436acec41119e4a7836c68b51 |
| SHA1 | 02768715b3bbd1162d290137f837857987ba7792 |
| SHA256 | 12a67041d52b38d55374653d97a047c17b8d9758f5363edaa3382fd8e28a523c |
| SHA512 | cc1eba566ad165daa66d637421d5a0bfdac44c0d83512e847971e973edc8368142a9da46f3e658c56ee43d629cdca9aacbfd908260fc6558c21129635f3c1581 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 616b0a687ae862fe151e452e8aa3a922 |
| SHA1 | 04fcc8aca3ed12d226a965609acc5d2ed3a50896 |
| SHA256 | 8ceb73dbc9064d36a4fa683909bacb6e5fd13d2396d23b29a1b65780a3a4d4e0 |
| SHA512 | 2a1d4ccff53a9a7c330f54f92a9a2e7fe68f8b432bd678a198535a338464b2a55a4d653767559f8f30aa0b342597cc705f737889e75cd20f233879b57e66fced |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 495f4bf7b4dffa2855b9a82827701758 |
| SHA1 | db776f6899d94547dc8b8926c0bfb5b143bad7a8 |
| SHA256 | 03de75eae96f9c7b1bc7c784903ee2ae5113b259dfde13ed571f704d33a8d2fd |
| SHA512 | 9907ac74c8a40cd5c3984685e313a2e999d7addd1c85dceb6bb31754e48b3709285cace50a27136bf600c05f23d9cb92a5637c6ed8e3e528384c94c899864d94 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d3335c3ba1c78775b10b2f18ca7f22eb |
| SHA1 | 9dd929ff70dc7229cd2633ee3644888da091b4de |
| SHA256 | a6679f2f053111ceae94c3d3b37cc6b84c4fc9c8aa2b08c0d660874decaf064e |
| SHA512 | abe2b7ab5d206b6d1cdb712c1dd57afeee2e4e35e31d2e7c2278bb34b9bd3524741518efd9e987af234587d0a24698dcd6c8c09be23521f9c9415f2343ebd7ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | a3187d0753c2526594cd0ebcdc1c0161 |
| SHA1 | 9fd6366ebf9abcfd100cc5d8466c89eef65e32f3 |
| SHA256 | c17ee776f1154ed510c601f84b5afd89bd8412584409f693d35776ca90e8fcda |
| SHA512 | e60624be033b577a595f2da91efcc258ba09bc70417c8ee1791afb9135c1072c287683209366d3aef2166a12f28c41ff5f54341670b20cc6f2fd6a187c575e57 |
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip
| MD5 | b573152564243a0de592b62bd7ad3bfc |
| SHA1 | d9271ea33e4807473e9db61e65fdf937f0051d24 |
| SHA256 | 3abb6cf940e005b30b419aa23085b2f9ab46fab8d08757c85c808387ad3c651d |
| SHA512 | c52c95b34d584f79e742fba77ceff9f476b63a3a0c57d8e3773be864b8f817d5d66a17b2222cf4aee5538ae04fa770890e9ff0ef716d85b13025ccda0496eb9d |
C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe
| MD5 | c2bc344f6dde0573ea9acdfb6698bf4c |
| SHA1 | d6ae7dc2462c8c35c4a074b0a62f07cfef873c77 |
| SHA256 | a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db |
| SHA512 | d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0 |
memory/2436-354-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp
memory/2436-355-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp
memory/2436-358-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp
memory/2436-357-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp
memory/2436-356-0x00007FFD682D0000-0x00007FFD682E0000-memory.dmp
memory/2436-359-0x00007FFD65F20000-0x00007FFD65F30000-memory.dmp
memory/2436-360-0x00007FFD65F20000-0x00007FFD65F30000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 6a499773e926fb2cb59daca86d6491c0 |
| SHA1 | cc85fe43d6e287ba18d96b516b8ca696ba3e9258 |
| SHA256 | 6ae4b40eb0290aab4fdb30f403b5f9e9377d430612bcee9774c172ed8c80f70f |
| SHA512 | 64f3f5741c090886a6bf6a87c8b6dec957e189ec567d092a22e8ea9c07b7d8b46a51835a775e7722a6c1ae1fa0d2cceece6bf18b3dad675bb8d98fc021cb9858 |
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 3c725e91c8a4a62ecf407f75f3941069 |
| SHA1 | fe3bef1063e35b4b6af1c4eccdb72565ab50d5f7 |
| SHA256 | c58bef2ff41b1338c3766cf4ac569710a7ae3cf434cc975878d316f7bb9dc42b |
| SHA512 | c716ffd09804376bf839a4393f8fd4f8c40a3e99496eba74e031fb01d0f7e2b5835e954ca17f7089ecca8220139ab7266bf55f29150f2f9e58435258e9fc1425 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | de0d0f2df543e8550786b2d297737a63 |
| SHA1 | 478c57d3f3df6cbee1b65726e323a023957d1c02 |
| SHA256 | 7dfd11ee3da8eed71b0fd9efb64da584f7468feac1e7799045b56768e62f2c31 |
| SHA512 | 0e73abe034fac42d8e497af135fe8f16cc0a0d1afa9977b5f4b83e722cde97a71546252e3f29b5416e15a2b78e7e95ec373ff7dc824271be3538ac62dc186430 |
C:\Users\Admin\AppData\Local\Temp\TCD2B38.tmp\iso690.xsl
| MD5 | ff0e07eff1333cdf9fc2523d323dd654 |
| SHA1 | 77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4 |
| SHA256 | 3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5 |
| SHA512 | b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d |
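Several rows in the Files section are not sample artifacts at all: the crashpad pipe entry carries the digests of zero-byte input, and "SCT Auditing Pending Reports" carries the digests of the two-byte string "[]". The following Python, added here as an illustration and not part of the report, checks that reading by recomputing the digests with hashlib instead of trusting memory, and separately confirms that the executable's file name is its own SHA-256 while the .zip it came in is named after a digest it does not have. The placeholder list and the triage wording are assumptions made for the example.

```python
"""Recognise 'dropped file' rows that carry no sample-specific content.

Added example, not part of the original report. FILES holds rows copied
from the Files section of this page; the placeholder contents and their
digests are computed with hashlib rather than hard-coded, so each label
is verified against the report's own numbers when the module runs.
"""
import hashlib
import ntpath

ALGS = ("md5", "sha1", "sha256", "sha512")

# Contents that browser-driven detonations routinely leave behind and that
# say nothing about the sample. Assumption: illustrative list; extend it with
# whatever your own sandbox image produces.
PLACEHOLDER_CONTENT = {
    b"": "empty file (zero bytes)",
    b"[]": "empty JSON array",
    b"{}": "empty JSON object",
}


def digests(data):
    """All four digests the report records, for one byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGS}


PLACEHOLDER_BY_DIGESTS = {
    tuple(digests(content)[alg] for alg in ALGS): label
    for content, label in PLACEHOLDER_CONTENT.items()
}

# Rows copied from the Files section (path plus the four recorded digests).
FILES = [
    {"path": r"\??\pipe\crashpad_2152_RWOJCAYOORYPHKHW",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"path": r"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.exe",
     "md5": "c2bc344f6dde0573ea9acdfb6698bf4c",
     "sha1": "d6ae7dc2462c8c35c4a074b0a62f07cfef873c77",
     "sha256": "a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db",
     "sha512": "d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0"},
    {"path": r"C:\Users\Admin\Downloads\a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db.zip",
     "md5": "b573152564243a0de592b62bd7ad3bfc",
     "sha1": "d9271ea33e4807473e9db61e65fdf937f0051d24",
     "sha256": "3abb6cf940e005b30b419aa23085b2f9ab46fab8d08757c85c808387ad3c651d",
     "sha512": "c52c95b34d584f79e742fba77ceff9f476b63a3a0c57d8e3773be864b8f817d5d66a17b2222cf4aee5538ae04fa770890e9ff0ef716d85b13025ccda0496eb9d"},
]


def placeholder_label(row):
    """Label a row only if all four digests agree with one placeholder.

    Requiring all four also rejects a row whose hashes were mixed up from
    different files, which a single-digest lookup would silently accept.
    """
    return PLACEHOLDER_BY_DIGESTS.get(tuple(row[alg].lower() for alg in ALGS))


def named_by_sha256(row):
    """'match' or 'mismatch' when the file name is a 64-hex digest
    (the MalwareBazaar convention), comparing it to the recorded SHA-256;
    None when the name is not a digest at all."""
    stem = ntpath.splitext(ntpath.basename(row["path"]))[0].lower()
    if len(stem) != 64 or any(c not in "0123456789abcdef" for c in stem):
        return None
    return "match" if stem == row["sha256"].lower() else "mismatch"


def triage(rows):
    """Split rows into (worth a look, explained away), preserving order.

    Each element is (path, reason).
    """
    keep, drop = [], []
    for row in rows:
        label = placeholder_label(row)
        if label:
            drop.append((row["path"], label))
            continue
        state = named_by_sha256(row)
        if state == "match":
            keep.append((row["path"], "submitted sample; name and SHA-256 agree"))
        elif state == "mismatch":
            keep.append((row["path"], "named after a digest it does not have: container or renamed copy"))
        else:
            keep.append((row["path"], "unexplained; compare against a clean baseline"))
    return keep, drop


if __name__ == "__main__":
    keep, drop = triage(FILES)
    for path, reason in drop:
        print("skip ", reason, "->", path)
    for path, reason in keep:
        print("check", reason, "->", path)
```

The same digest-of-known-content trick removes most of the Chrome profile rows (Preferences, Local State, the-real-index) once you have hashed a clean copy of the sandbox image's profile; the script leaves those as "unexplained" because the page gives no baseline to compare them with.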