e13051091b47bf5a1174877b14a2a63b9f6095df1a7a55735098b081f9e02c29

Analysis

max time kernel
407s
max time network
438s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-11-2022 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

robloxapp-20221114-0929554.wmv
Size

3.3MB
MD5

680ca8d5d1ad9e8f1dc66dd6ab4a6672
SHA1

69ac1bdea7d32b2d017a132471885db5e38af2ac
SHA256

e13051091b47bf5a1174877b14a2a63b9f6095df1a7a55735098b081f9e02c29
SHA512

c3503a7438f7ce424aaff29ef02cd63788df6b38f1ce86b5e414fcd358aa8c7b930dfc5682678e214377de4f7e5b9c1c42d0211785173fd345195df77ec9ed2c
SSDEEP

98304:1sn/tq2Uo9H2o9T9GUfV7w96x2g4LGYAhm:i423H2ITwUK6LY3

Score

8^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

hydrogen.exe

pid process

2256 hydrogen.exe
Loads dropped DLL 7 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid process

1280 chrome.exe
2228 chrome.exe
2232 chrome.exe
1356
1356
1356
1356
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

hydrogen.exe

description ioc process

File opened for modification \??\PhysicalDrive0 hydrogen.exe

pid	process
2256	hydrogen.exe

pid	process
1280	chrome.exe
2228	chrome.exe
2232	chrome.exe
1356
1356
1356
1356

description	ioc	process
File opened for modification	\??\PhysicalDrive0	hydrogen.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

1612 vlc.exe
Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exe

pid process

820 chrome.exe
1280 chrome.exe
1280 chrome.exe
1280 chrome.exe
1280 chrome.exe
560 chrome.exe
2096 chrome.exe
2508 chrome.exe
2508 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

1612 vlc.exe

pid	process
820	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
560	chrome.exe
2096	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEvlc.exehydrogen.exe

description	pid	process
Token: 33	1256	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1256	AUDIODG.EXE
Token: 33	1256	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1256	AUDIODG.EXE
Token: 33	1612	vlc.exe
Token: SeIncBasePriorityPrivilege	1612	vlc.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe
Token: SeTakeOwnershipPrivilege	2256	hydrogen.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

vlc.exechrome.exe

pid	process
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

vlc.exechrome.exe

pid	process
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1612	vlc.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

1612 vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1280 wrote to memory of 1052	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 1052	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 1052	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 864	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 820	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 820	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 820	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe
PID 1280 wrote to memory of 592	1280	chrome.exe	chrome.exe

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\robloxapp-20221114-0929554.wmv"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x160
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb194f50,0x7fefb194f60,0x7fefb194f70
2⤵
PID:1052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1140 /prefetch:2
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1240 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1800 /prefetch:8
2⤵
PID:592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
2⤵
PID:1588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1140 /prefetch:2
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3728 /prefetch:8
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3640 /prefetch:8
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2012 /prefetch:1
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
2⤵
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4572 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
PID:2088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2068 /prefetch:8
2⤵
- Loads dropped DLL
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1136,3087818459834672986,18418468926315861741,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2080 /prefetch:8
2⤵
- Loads dropped DLL
PID:2228

C:\Users\Admin\Downloads\hydrogen.exe
"C:\Users\Admin\Downloads\hydrogen.exe"
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:2256

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb194f50,0x7fefb194f60,0x7fefb194f70
2⤵
PID:2348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1068 /prefetch:2
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1712 /prefetch:8
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3300 /prefetch:2
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3376 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1052,13363750148741566504,15561718741587492979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3624 /prefetch:8
2⤵
PID:2712

C:\Users\Admin\Downloads\hydrogen.exe
"C:\Users\Admin\Downloads\hydrogen.exe"
1⤵
PID:2664

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
ed6ee0ccef27e8eaaa207e84d4c0cfbb

SHA1
a64fb92322975f57bab45209fa6d62ddd48c00b3

SHA256
9b304751bccc46470a1ed655964e711da694ea06f8044da017b61a67121ca676

SHA512
203becd67b55d13d2f60ccf74f09ec428d48258c1079a2ea16049a2e9a9aed6d97780457f9b8abd99b8b8a860cfcad1e81e32b74bad5cea0ad47810766f5648c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
74205a4020b47a5f35c4160491f85a0d

SHA1
bd3daeb4dd25244f7980733780334754b1e1b28c

SHA256
008098ef2353a9a1ebf44b63e7ac5349e9713b01888098df6c353d7bee7ccbdb

SHA512
3593dcf50114501ebebe5ccb56fd6c6b1325c36e8c42c0e8800d2e58012a0a50c216373e9d726318039bdcaf55d341598666d2619f6b839cff4123f40a6c6b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
Filesize
28KB

MD5
ae3d34d79c96c20d771b7f8c103779c9

SHA1
84dae389b45a0a00596041a4c9d4324971cf412c

SHA256
a3a56000b41cb1b21d17ba04ae426f78b6a7a9a724d477aa74e993a8cb0381a1

SHA512
8c282b056a3d6c624667e71bdee57dc0023aa80716f51a38fed5599973d137cef79d4d9d281c86d474f436d963c66de727d8ed3e21d71fa2b4a9a8e177121d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
58b1180cd72290260b1dbb4502c51ced

SHA1
abbd0558432d5ecfe30f88655bac8898dad446cf

SHA256
1685b66eb8abd2852071d2cad57fb47fad3309c7a379d13f61916f10320ad4f7

SHA512
f8603284cb10040892138e38fce69f0e4a751b138f1e83d7f3c9341daf7ab01cbacf7dfc40a1d5f9b59abfe6713acaa9fc47d23bbd12b7f894f40afea2e28237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
116KB

MD5
c295617622d045e3d73410a48a5d99b1

SHA1
4678fd74308bc9a607b7beb77fb7e1759daa0c4f

SHA256
1cc96810529f3e6f3ee5462bcba6063f5ef85202d1bd01275ddcb5346ef58557

SHA512
c48ae2a9e951a4cfaa0125d3e0363f89c5f305686e4e1708942d20eaba7e1c6423786b2fb5ca1d05cc441ad4e4a133f38bae77c8cf9a503dde0507a52bc7221a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Media History
Filesize
140KB

MD5
9de7ea9acf65d3b84cbb9a6f2b219000

SHA1
f8967579832349e2d32510efa42405c150e0a385

SHA256
262d48e7035fe48ef0d25131c470758de5dc96b9d0fd85ed18be8b0b8746b99b

SHA512
a3558a17ef0dfe51c46f5336bdc94a7eda4eb36f2f99ebdec41585d1c9f7534c8d5320ba6cff2c6365aba72dd2f58a074d68ea87f9dad8e3eae6a3bf2b23c29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
Filesize
331B

MD5
cc3bfa043fd633397c5e59b808105fd9

SHA1
e96cc376f91fb4453cc3c026ea6dec8d3ca90738

SHA256
1436df552b2e7f918034ff20f964083f132ba7e9b4f70418f62cf75d7e53de18

SHA512
214c74e9871d02ab72f1b3faee35a0ad4224786bc42d476c2bdc644cb89dd6b19c6e406a2453743e4ad32ece9907c9ee429fde1baa92e3160443731067bc3ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6f29528bc2ada200bb0add58072f1f36

SHA1
f20a011c5b6fa241afeb04fa64ee47e1f82a06f7

SHA256
53d5f72135d876b7e17c63d9b2f64f255405b909dd447658fd15612f615855e2

SHA512
90d26f5154b2a6789baef8ca59f7738211f547e126b51fcc8675f18307cb04a731dae170d32716f259dbd8477a976cd20de542dc6fbc62a7e61d1cd0c73690d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
5dc682df75e641378b1d29166d860af5

SHA1
782d68291c3a6dc2687c56485a25527c474716f2

SHA256
4aad4dd69777260c5486dee9b025c3dc764053117542b0d3ffdef7e288ff41a0

SHA512
fc27bd935e47e622c6017d381d666989e4ff16a90a1d2a630b3f7a071f0e33648d3d0f92fe62ed3696353481059da8b465d59cdc55d032225b413e4042810136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
Filesize
623B

MD5
5f99e8479be7b06f3f4cdaee353587db

SHA1
cbc4d34b9ca07ed6de0ac287c7775324d6bd8b25

SHA256
ad6d0f59813417541bc1d127f8cdc28b4a41cdb877926318414b3dff09486080

SHA512
e3cc9a73f5b0ad1cae4d4bf96803db3b8dc3580789bea3608d92fee1e083bb766fa7d0bb0df7a9d9e056297fa764dde9848420287067b2b7747b91ac84a06f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
Filesize
146B

MD5
cc3a4765947cd992eab7257b46dd477d

SHA1
fc1b46bd7365cfb7d5257d8ece9d14cb1db858af

SHA256
f1c1ec3672a184eefa83d910e2facc3623dd12b315f0562d39a3125507af2c19

SHA512
0a02a4b96b4016e760355c7229ae33788769c71d42ed422e506282924bf47ddff34da7a64fd3cda6543da4bed39bec51fcb5ae473241840fc34356e40ef36254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13313271205015600
Filesize
11KB

MD5
d11bca872ca008072e7f2967479f9eb5

SHA1
36bca4e808e23aa19578cec15d1538eaa7969ca0

SHA256
a1e3fd9e65c9620c14f4103a3bf2ff9c0f7b89b937612a3af880ac23410ff727

SHA512
9c7ce7df362d3dfc1dfb26e1b9e95bfd3b48ca8f4245486dec405206ed8c4d936f625a4344f6481d759cac13b1dd30aa576b934cbee7966d87f4acabacbc1214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
380B

MD5
f5b7273d6b3a64fcd925887527b23b0e

SHA1
7910b2784a9a4e6aa219d26a58b13d3cfeb83c6b

SHA256
df5c51d91064d9bb4e887e6fc2f7a1656c6bcaacb99bc4152baa530677d67a9d

SHA512
8ce1ce77ad0ada18c83a01daec1088f580e59e85a1ebab378793fc2f85401f6b878b65fe5753389488f3361249929e34d3cad7e2ee78e7b71a3281adb24085ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
0e8a43584d08e444c9925edd4ebe81eb

SHA1
6e1c7dc401f732403264cc750834b184b66a5e68

SHA256
3baa82af0cc7cb638a5502fa2aab20b2ff669dcdfe198e01e83bbe6ed87c4c04

SHA512
aa226855fed96f9d66aa352bbbe845ba4c600e73f6caa2be8a1e092f880b83e3676702207109f83579ef300eaeb8940bd9497c60b4a687759fe76dceab09c15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
0c03f032783cd21019d4610938176c40

SHA1
160e2c375a72164ce4211d1633c0f437cf7524cd

SHA256
421aaab8d212f023c90774af36565031c3730ba76c628591587b03550d85c710

SHA512
d0d840cb812a54625439ec705270769f9718e083ddc67c5af08b135455fa08c9c3718a31181041d48e414bd715e9467230318953b49740933df1fcb54564f35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize
128KB

MD5
381aa6982542a54650dc67ab4ec88286

SHA1
132087f26c2fdbaa9b7d16267d164b016295d11e

SHA256
c3c47b8bf6aae43521b12483700516700ecaf331d013300196048343a42c3393

SHA512
b4406a40da4d633e628019606c68bb4409a33fb02c9d783b10707fa263ea716a0fe0a48b88b10a7c6d09e773fa65a2ad25b1bfc8c4de41c3c1d181a89d572a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
Filesize
88KB

MD5
289af5cd4e93928dba785367a5eb943b

SHA1
d3277e79f66d0765885b9c84023bdd1bf2b0c61a

SHA256
0eaf42a00d13fb149b2b10dc115c04512e5fe2a20a277481eceed9ff4262b64d

SHA512
639317166827f2dad523783d6f01a278ced8eebb6ab13645392dcb424d6640526cc81fdd590f5042138cde49521f63ba468782829e2d8e4c65a228a145ef1043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
105KB

MD5
a7ee1774c4699aec5f63304de9fd0ac4

SHA1
54b2e77a71b3b18097168bcea39923ab0170cce8

SHA256
473896235e129c210cdc55fa4642c346c0bf35f2ee859a791b3f6d562d5c50ba

SHA512
693ef02218582afbb922ffbb5466f7e131f8751e6638c6ed05e4c78cf041cc6f0f62ec9f6991fc93abbaa886587df438fa2d103554b74b13dda0a2ca53bda1ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
7ccc20e9a5203df203ab86eef4c7b012

SHA1
7ab3d3d9359994320034e16556b42119c4d1d22a

SHA256
50ae4e78a60456f2886a11a3cd0f355fb177ffa9e0c0cdab381aea8ecbec46e5

SHA512
b11c68a26e8f78237d0a09ae32a96abc9368512e665a4ab77f03fd9cd0dd72ff926275c9c17f389bf2095b1bb3afc42306f8ec62760ba6de216dc6cc41c1adda

Download Submit
C:\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\??\pipe\crashpad_1280_MTCYBEBIWNCMRZLA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_2508_RBRGVFNJVPZADDWT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
\Users\Admin\Downloads\hydrogen.exe
Filesize
128KB

MD5
efdd98ae7ba8aa1a457d6938d554e5bb

SHA1
5adc3d12792396b569bf024676636262bcd9c7ff

SHA256
283f195bad35cac6e9452c2791eaeb90d9cd6d506aa16c6505247e5be74aabf0

SHA512
6c1e6adfcf7416c153b8f57149d232bd3caecda0806369cb00131e0877559953041017a641f910e7360ddeb059e568c4c4bbbbed28ed902f80221a68f1bafae9

Download Submit
memory/1612-54-0x000007FEFBD91000-0x000007FEFBD93000-memory.dmp

Filesize
8KB

Download
memory/2256-57-0x0000000000000000-mapping.dmp

Download