2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
63s
max time network
63s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05-08-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2628 chrome.exe
2628 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

HorionInjector.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2716	HorionInjector.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe
Token: SeShutdownPrivilege	2628	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe
2628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2628 wrote to memory of 2712	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2712	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 2712	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 3028	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1472	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1472	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1472	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe
PID 2628 wrote to memory of 1032	2628	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7dd9758,0x7fef7dd9768,0x7fef7dd9778
2⤵
PID:2712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:2
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:8
2⤵
PID:1472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:8
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:2
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3256 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:8
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:8
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:8
2⤵
PID:2132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1948 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:1596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2360 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2380 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2692 --field-trial-handle=1396,i,14147861377624380198,16226399509717102917,131072 /prefetch:1
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4174d1de-4f2e-45ed-b495-16a20f3a0ee2.tmp

Filesize
319KB

MD5
97b73c23adb79d8fdc490e5b2d4dd9bb

SHA1
95a83d5b2a6bcef3fd334a20a82d978aef57860c

SHA256
8d0565187cdb8e99f38a39323ffc7fb625bd76d5e07e0eb2b62edb4facf96277

SHA512
bee419ae90a27772f63db705841cfe2c64c3b95806cdaca765f2db3775657eb979ef14147fe03d89d3ebc328b3796175dccc365b304f56cb5b5c17e45cc37a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
590cb1cd6ed403dd39a094fa920ecc04

SHA1
afb220db0a1bcd498ee822d893b6eefb8b4b4026

SHA256
63df203479a20d678c8c52d3c74b61450faab3f1896bf7e79f085fd32c64edd4

SHA512
dd88e99a58641ebd456671d2f5184dd7cbc550457eac9a04ca29e447a7b79b8ef39b980dac4381ca7c51b3c0de69857fb99546639bec8e8240d0259d66cd95a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ce8c7f9acceb8a2f5c7f716370445b7c

SHA1
947b775e20fd18264c42e2fb29fe9e955d34a781

SHA256
344830ef82b01d25c6fe504d4ac08021f275fc68f9bb5eb09357b5866f6fb722

SHA512
9f88c3990286314b6d61a1bec6ae5a46fd679b5c16867ad518497a859ae6f2e20c8c18226164eef9f7d871eddc0ac6832cf9e28e81a3928905ef58ed15de1efc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d00be111802ff8192a4cad30c53febd6

SHA1
07845e73ae19a804d816c5b0c0dc23cd9e6925c2

SHA256
8114a2e27228b38d4bb150a377bb494d9c68616dd48972d2fab3e0734f5c87f0

SHA512
32fb2ce07ad181c1153515f85821ec77c16ebebdd90aba718e9ec427280e53968170b6042ed16dae8d378635b5d94d7ba1f3b852a3cef17bad4955b7260e89ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
97cebff070ad8bf37d3d77c0fca45867

SHA1
b8bccadc9a8ec240a964b7f6ee74d58a6b1a5bc9

SHA256
26e1ce6c4e0c28cdaa2b98963139e00b4523020e3339ba63fccb731ecc8e440a

SHA512
29ddea422c6dbb9e2ad64b0a5063d3df959d8f18833a705f0a2fde24385073fa3e3a8494aae22faaae43ec69c494162bd8e9a9971480679156cbc719bd3ed02b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
319KB

MD5
424611a443376539bf1dd29dc9a67721

SHA1
aaff8df65281cd721fb46db6c7b8547a8d136a82

SHA256
871b81d3825da0b8faacd496a3e216d5bda2ee1a2ecb19eaee343e825cf65d73

SHA512
aa92354528546206580b6382e8f195b805eeab046b88abb9bd95b15d5978981f8ce95a4b2a9f67edee68f7ec7c6686891c4184a1ef8d3fefc1344fc35e5abc32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
162KB

MD5
a7ba946ed1f7ed463629b00e3de4bc6e

SHA1
2e1be4b2922d1cc016741c675a59cfb461487bfa

SHA256
7b4093a36bd4b5821ae195595ebcb6a5cc859642c887bae0c8f2eb6c8acfa65e

SHA512
cffec0627c63632a8c7031af3e9442343ccdd3663072ef2941d4369317bfccd5269633098b54f008930711754c042c09bb4a25ecf49d6beea0462e6882fd5c03

Download Submit
\??\pipe\crashpad_2628_LGKTWGGQCINHVIMR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2716-0-0x000007FEF60B3000-0x000007FEF60B4000-memory.dmp

Filesize
4KB

Download
memory/2716-6-0x000007FEF60B0000-0x000007FEF6A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2716-3-0x0000000000860000-0x000000000086A000-memory.dmp

Filesize
40KB

Download
memory/2716-4-0x0000000000860000-0x000000000086A000-memory.dmp

Filesize
40KB

Download
memory/2716-5-0x000007FEF60B0000-0x000007FEF6A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2716-2-0x000007FEF60B0000-0x000007FEF6A9C000-memory.dmp

Filesize
9.9MB

Download
memory/2716-1-0x000000013FF50000-0x000000013FF78000-memory.dmp

Filesize
160KB

Download