Analysis

  • max time kernel
    350s
  • max time network
    328s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-es
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240419-es locale:es-es os:windows10-2004-x64 system windows
  • submitted
    07/05/2024, 08:37

Errors

Reason
Machine shutdown

General

  • Target

    https://github.com/LeoLezury/Hydrogen/releases/tag/v0.4.28

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 46 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/LeoLezury/Hydrogen/releases/tag/v0.4.28
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff94e46cc40,0x7ff94e46cc4c,0x7ff94e46cc58
      2⤵
      PID:1312
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2016 /prefetch:2
      2⤵
      PID:4880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2044 /prefetch:3
      2⤵
      PID:772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2248 /prefetch:8
      2⤵
      PID:2788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
      2⤵
      PID:1496
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3284 /prefetch:1
      2⤵
      PID:3800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4632 /prefetch:8
      2⤵
      PID:1604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5112,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5156 /prefetch:8
      2⤵
      PID:3068
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5124,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5300 /prefetch:8
      2⤵
      PID:2780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5444 /prefetch:8
      2⤵
      PID:116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5140,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5568 /prefetch:8
      2⤵
      PID:1036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5160,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5608 /prefetch:8
      2⤵
      PID:3060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5116 /prefetch:8
      2⤵
      PID:4784
    • C:\Users\Admin\Downloads\hydrogen.exe
      "C:\Users\Admin\Downloads\hydrogen.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3680
      • C:\Windows\system32\7pshco26xwmig.exe
        "C:\Windows\system32\7pshco26xwmig.exe"
        3⤵
        PID:824
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3292,i,13914316159802894166,3806534578136650613,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3528 /prefetch:8
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      PID:3512
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:2272
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4604
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0 /state0:0xa395b055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:5108
  • C:\Windows\system32\launchtm.exe
    launchtm.exe /3
    1⤵
    PID:3952
    • C:\Windows\System32\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe" /3
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1924
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1400

Network

MITRE ATT&CK Enterprise v15

Downloads

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                            Filesize

                                            649B

                                            MD5

                                            fd8ddeae354645572d43ceb6df58b017

                                            SHA1

                                            f033eac071b70b047f6b6bb3f0c82920f27b03ce

                                            SHA256

                                            615ee65fd0fd891196eeb521d02140cda4867ad49710951958bcde7801ad2005

                                            SHA512

                                            46ffd0f52a30b72e3fa145a9ec63d4a4be64bc56670ed1f246705d627fbf594d884e86578fd7bd4fb001489f93ee7f431f51064356b89c2e09d0d18e5d2e79f9

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                            Filesize

                                            1KB

                                            MD5

                                            77f4b9a4095a48605cc5407877b496a4

                                            SHA1

                                            de2aaf6cdbb188da12e1f06e507b0849b8044d6f

                                            SHA256

                                            e03dd0c5dc99edfb9fe7a3341c44fc89be09d60940dd744c4351d72d931caab8

                                            SHA512

                                            9782a5d2438b31ff1510766c4aaf47fc90ed9c0ea604bfef9fa3f233ab64048989f73c6ded3aa80a6706d7da75b53703b677ea9be0141a911a4cf2a0d0a9346f

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                            Filesize

                                            2KB

                                            MD5

                                            474ad7fc02c159b07d2100622556f890

                                            SHA1

                                            70575ddd0a1c5ed1b43ca406d087b5beffc5bffb

                                            SHA256

                                            3e019a45f79aa0194b6b0c1ef3717567e4d666c4f1991e0725d1a2c394c0f23c

                                            SHA512

                                            12b47905881aef2b0c5ed4fdf4d0019a7d3429649f15a9a5a6033c5e25d272b128d835c3364514cd1b82ac8e0cf23021e489306ff762bf9bd4c86d1a434257ff

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                            Filesize

                                            2B

                                            MD5

                                            d751713988987e9331980363e24189ce

                                            SHA1

                                            97d170e1550eee4afc0af065b78cda302a97674c

                                            SHA256

                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                            SHA512

                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            3036d38eb0d01877b9bbdfcac1fdedd8

                                            SHA1

                                            f51ff5a7b56108d77c972a0cb55c190e5110360f

                                            SHA256

                                            e9b7da8418b49fbe62e3a7a8fb7bc1e1f8c1111a8aeae73df4f5e30069f68513

                                            SHA512

                                            3062dcb91e72189ecb3c18136d5a452fa7a485069d15d18716ccfaa07395c5ac0510de3bab2e15a5af6d1914234c439e98c5e8c6ddd289c1a77ab5f652688d77

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            a2d4288730dc0c51416f42f410957389

                                            SHA1

                                            f958c42bd48730b0c339113139827770b74ee2c8

                                            SHA256

                                            c24becef8b2689d51c4f4ae95abecdd9c418504baa9723f708a82c8e3283eecf

                                            SHA512

                                            0b8e2e69ea9a76f535d113b04787d1ee18d71968c227c1a2b0fea3dbe98412ddd3976bc12d5cd3a8c4e304de68f2273b71aa6723a99e402e6f0989f13cd28874

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                            Filesize

                                            1KB

                                            MD5

                                            82a5a0021ba8cf1335a56ab78a6209cb

                                            SHA1

                                            cca1863d9f2889f26ba1c99ca6a5baa3f829a90f

                                            SHA256

                                            097a0f82b30f64d6f12b80e0076e96fcc8b13eabffe6b5b899b529ab3efd0e7e

                                            SHA512

                                            34f1ed6f176830d6eb9e55be56d24d63ac4be431dd869e740d65126f291e2afa8739136cfb45b2ad03de471a71806bc02f92f9c578d17e077ef13b91d3467bd1

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            3d070b28ac81d78965e2b7419bb816c2

                                            SHA1

                                            612b4ea0ff3e34784ad77afbde1974da528d387a

                                            SHA256

                                            3a318ec5119b50018ec4f2032eb408f1ad5403c622a92d0bf412f5b768ebd280

                                            SHA512

                                            a097cf8273eae6dbc144c3cf9b605b0ecb1455d2a1016c2938fa0f0a675b69e2a94b2a80017250196499090f8be754c350c1367d250d6ae539c4274b81c99168

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            fa5e24e987ec73198429fd4fd1f10b6f

                                            SHA1

                                            7421d9eddff81d54c44affb9cad704f05956fc98

                                            SHA256

                                            957b59269c2fdabf02616d3ebe7c27fbe3f595959dbba968b3cf912a596c94b7

                                            SHA512

                                            248b54ce0fcb7cb24f364fd237be99d2f477e37a7722558df51f4b76cc0834dd965153c7ec5d3898885376035d3b0e94d75861856619c4eaf9a108a414750d79

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            7707b6f7abacacbc6856aa94fdf9a859

                                            SHA1

                                            3b0dc24146b99231a32ca46e897d064eb7c32c61

                                            SHA256

                                            28119c88541cd6f1f71db7b4efbd9fcf0d6d59a59a96fe414989f4d1b1fdd9cc

                                            SHA512

                                            4cba50165f6f54c81ef79d61f893fa76f63e217374d48494bda0ee85a59cbedc3dd3efd77cc961edf0bb4d3aceff496d6c519c9208b8a379c580964ce3185fdc

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            8342d187a2447dacdfffa941145fe262

                                            SHA1

                                            7f86f0e619ec2521edaaf3b2cc15e0c205b84809

                                            SHA256

                                            b5a9d3f1ac48fc3477c623ac1e5b578ea723e0800e12f8df60faf52d6fff9462

                                            SHA512

                                            8f809e7e84158c207014c0705860c5663790e1a93474ef5909a040717babcd3e7fe66f0f4532e96eb9a5d044cdfa1ea2fd6c494dcbf53ccf1329db1c38bf0638

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            9KB

                                            MD5

                                            00d2bb068973d5e5cec6141a32eea088

                                            SHA1

                                            9b932aa6883bdafe64a3d55bfe79d80e6ecc20a5

                                            SHA256

                                            10bef4be79ce59f7a1b20995cdfaeaf6b7c43cf967dd09cbb52c7714624efa1d

                                            SHA512

                                            7a9ad7110cdd9e671812a19a6d1918d4bf72ced94808cd293a8f63b5dc1774dcd0b49e57348d6a46c77a4c7d3afeaab7ba5245d8244f76d0fb12564eee0a163d

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            66e105d0190313637132b03da441c339

                                            SHA1

                                            fcc8e64022869208a06eae695b0f3355d964bf87

                                            SHA256

                                            78f9192a1947f649cdec5b990c06560629e60b6e6112ba397a1785f1207f58f6

                                            SHA512

                                            73954513bc8f19ef6e9913b89feeb1735544f761e562335918b7977d52740ba726d816a29b076e09ecf666c8a0024a038cf74ae2b7cb3dfdbca0717df4e06181

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            51643234bc89c1af9a1f49b7e3c029f0

                                            SHA1

                                            94c5ee384703c835d6b6e52f94470a54cf1daec7

                                            SHA256

                                            69ee1ddbd5ed885c19be46ee27562d2b6f63894ebceb68a6c3fc689cc0d87287

                                            SHA512

                                            526d6ed1009670369229ee434c7ae356b5323bf67731fed5da5c9620c06efa18c41a6a873513383b5b2a7c6ee98231245f676aae9e2056446d11a865463c7fb8

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            9KB

                                            MD5

                                            f964910016bd706405ef30cc376fa2f1

                                            SHA1

                                            a7a66fdc76722d75f9e499557da377efe38eb8fd

                                            SHA256

                                            369f393edfaaa78d7b44bf0dd0c1818c82a76e66dde19327d05c4c0301ab2576

                                            SHA512

                                            48151611a123f7a1727d2ed8d0fb36deee003e372be510f315e98d0820649fe05c27a002442a21a4e07d09fd784017228909fbf65241d14b389717c0d90bdaba

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            eb9023df2f10073a07a4a1e325d2e1af

                                            SHA1

                                            4199a9b2925212cc1020a147d4fa6d84bd4706b4

                                            SHA256

                                            43eafbf691e413315bccb58cb2191e5dfe2b2aebe695c0eb1716b69d0d83c84d

                                            SHA512

                                            c2cd1d6a341edbfa71f57feb4db668f6e23543ae3dde6557c5ba2856dc4b719173f968093dc77dbb6bc1f7170123f385b6d5d91bbf0c41a11ae5d3be0d9b4437

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            a3d41c6402885ecfc9742db4831f45a6

                                            SHA1

                                            41cba3a2dbc56d44cf60592f6074dfd2c5d2ef49

                                            SHA256

                                            3838674854dc5274fbaa78950a2e344e89799dee7b1b706bff0ffea6430d5cd1

                                            SHA512

                                            41481d9b59ada08d5d71e047d139b8702d52c9010d6aeff55dcaa47a543d93f2e859599cca51c081cfee6a5309f5301bbe28c4b6d9d6d2f60cc52303aebb498a

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            2640f97375a7b37a411c2ceb998664e1

                                            SHA1

                                            79adffc1b218ba40d2dd87fa5bf33aa4c14a1f83

                                            SHA256

                                            6284e0c7bf9746b1b22afb4b7816c81a233da73574fd509e08d68d1125436919

                                            SHA512

                                            d857d04d25210288db68625299fdc3e70a13e62a2c63e9c25f1e84baf2f23572836f4410509583f2e0e8a18c4669b64253a74f9fd4dc264d7f4fd84739f65a1a

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            9KB

                                            MD5

                                            69693b94e6caa1a4bbd076db7969c65d

                                            SHA1

                                            21d182d156dc455c8faf717752312ea8739b78c7

                                            SHA256

                                            873424a560a9b761d40f0308c086a1b15fad829e0994f4728ae4e7684d1d8cd6

                                            SHA512

                                            1b2f6df0461d45f012d406f61bb504b9a90a880aec1379062da2fa429237d9266a4c4d054bc6c997ce68ef06c62b49ba353251efc125fd8dded4853552878236

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                            MD5

                                            a811ae1d4b87fbacbae27a1450077431

                                            SHA1

                                            3920f017c473343db485bc4fdac4be487d36f55e

                                            SHA256

                                            af8e746400f2edccce4b469035ffeeaae3256ba493a0305e15a0cfcadbcf137f

                                            SHA512

                                            b9905e2c99a7f96237feaff7950662714b00d365a7ffa9313d96e68283beb049287c8dde5c2514378a5ed736d203a6d912207f43513bac6abc0992f5f2e89143

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            10KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                            Filesize

                                            9KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            77KB

                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                            Filesize

                                            77KB

                                          • C:\Users\Admin\Downloads\Unconfirmed 659605.crdownload

                                            Filesize

                                            128KB

                                          • C:\Windows\System32\catroot2\dberr.txt

                                            Filesize

                                            37KB
