2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
80s
max time network
81s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-08-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector (1).exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680915211437793"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4840 chrome.exe
4840 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4840 chrome.exe
4840 chrome.exe
4840 chrome.exe
4840 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

HorionInjector (1).exechrome.exe

description	pid	process
Token: SeDebugPrivilege	864	HorionInjector (1).exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe
Token: SeCreatePagefilePrivilege	4840	chrome.exe
Token: SeShutdownPrivilege	4840	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe
4840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4840 wrote to memory of 696	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 696	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1944	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 2080	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 2080	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe
PID 4840 wrote to memory of 1248	4840	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector (1).exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector (1).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffd6b39758,0x7fffd6b39768,0x7fffd6b39778
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:2
2⤵
PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:8
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:8
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:1
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:1
2⤵
PID:3556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4040 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:1
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:8
2⤵
PID:4592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:8
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:8
2⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5136 --field-trial-handle=1848,i,8988977146424671220,14351894976883813108,131072 /prefetch:1
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
b6c113df1043a14278fe4808189c73f1

SHA1
dfb50357762875ade4471426fb06af48d30d54d7

SHA256
b83c777795d5310608ca7ce5772bb542b408b39ebdd6ae301ace2ea9a0f40437

SHA512
c3dd454a7a264435004552d3aa6970773e43f8296c6023b63b70d984a40fbff81de0407596fe13c917c69819ca3a94706b6d3f80e6a8fdfbc199c07cf70d81ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
adeefcf8dbbe65bd605c212c7881750d

SHA1
dbff32a6620cfce0cf2611d655dc018044bcfde9

SHA256
c6e3a92e7c0512e8e56b79a55ebc5b066b8d71ff346f72796e0564790598071b

SHA512
c33f8afcced00097de1625f02c780100b7e5dbdeff169f9af3d3d690a738e59796f773c74ed6b76163be7eb276d8f998dbe2f8a799ac2fb62e129bbc7ffde23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1018B

MD5
9b6f19289e7fba2d879f35f50d51727e

SHA1
34cee1fb87950c016b57d630e76d23cb13186373

SHA256
9c71084fd549a8d73be1724d2d333b58c168e0524224aff3f1be649e5286a158

SHA512
3704a51168c33b52cb6c6a5fa296842f8f6d0de8c4a1e5c1f5ecb1efd03cd3e990ee7eff42887291f1726a65ccc684b8eff0acae20f7d777a2a7aa0bf8508e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
d7af511ae0ad70284d42a85226602c5f

SHA1
98456fc49f62641ff395d69b689b2cb7a518aaa6

SHA256
a4928f94b71f063f0715d940588ec52d68fc5fa17116c6784be7bba677b2c8de

SHA512
f269fdff68c8d26a9af01fe80da53f8fa5457a4d5ae5a46e2e97c27afd0b31b9fbb5c70c71b2f4a9e7ef610f6620ca88649ed3352f8d14df016603e7e56174ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c45c97342367921ef07bd66f821aee38

SHA1
ada1c5f9f0f7d41ddb706ede5cf8943829f61aa2

SHA256
df0dcc5d4f8e7e4e7a4af5db7228b2ad06e328465b8c588f04fa064400146b5f

SHA512
1ad1bed188e749d85d7040fd03352fbe2765f6dfc902fcafb75376f60542d8aa2acc0da1efa0f7618b8f60e4a987f9d5e9f812b9a0cdaab7e47bdcd8ff8c1f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b724df8326bd6d090bf20c6007c4e8a1

SHA1
840e1fb43f00fedde951c7c0469a84099cfdb1b0

SHA256
d1cc94a6d9d32f6b7750d4fa0f6621e8f2811bb3c1b0f15a166b28210590eb61

SHA512
59a16f4a95b1bcb91ea8615a87d923ec876f490594d383f482dcd50949b5e4e410950a5bd6fe3ab3983751fa69a2d4aeca0f86615dbbbbb27ae9e4bdd35ce63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
be84b0f299cba6e964a60ee309d11a2f

SHA1
bd178a75243042914dcd9ce0f905149166f4c5d2

SHA256
ecc46b3e61655b27f7bb22be633f1e295d1da5486907bb33b72b461e1fce539a

SHA512
268c66591ebdae6e626931891452feb26a01a25bf93f76013e03c17fd38739547f49f842c922a4af9fd5edbac9436e83fc42f8741c954a6d6814e34a90f31b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
88d25b353983dc9342ccd90b45811681

SHA1
cd74c1d82103dad67b03b8fa0f22b9463a71d8c0

SHA256
9bb94a8c5a1f43f55ec4e1bd10771bf6cb2c5f024d01f151c6d7ba654b78d5f6

SHA512
e5af5f0c49c67936670c3361734118fcf76f2fb9a7e1ddb30719195cebaa882150e4078c755b78dc75a622aa3e70408ba9d1509e051de316f65b4cb4b2eb1fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
7e91f6a84156d451715efb13d744df93

SHA1
997ab77e04d5d1951525ba50cc5247b534ed6838

SHA256
e5c77425dd2f9b05752a62c3856193cba04285effa3fe204dd61e41d402e456d

SHA512
cfc76e55ed4def4e43f50880d6e59b3f8cc6a7a2f11ff15fba89b516c5fb9dae96156661b472cff2e62dc92a491d13869ece797ae33e9469885071e0a64cb7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
292KB

MD5
96653c041dbee2fe50f0cb9334c30298

SHA1
d6e0cac205b047a2fe419e22be62290d9f652031

SHA256
7dbcd0ca31b8535ff46588e6f90476837eb53a596a9b927d4f01e07e22acb4df

SHA512
b9e34e45c1c6571d74bec88ffd3e784974cc57645ff74b0cc0d40d6cf7e0c35329bfc321979df7e99407442c5b1cea03080fbb0981ea5b2db78b21850f085592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
292KB

MD5
277b5b8278cb12f3dd11bc977e97d192

SHA1
21ad512371fdfd8d8e720c9ce6c9d85b9a7cf118

SHA256
870d943f0d0421712b8512cb94ba744ac76b90a90514f6055e9606a19de83d81

SHA512
e0ae7b944797306abfa9b193a6b2c2e3cb7d8a44813d503300728fbc5f8489fbce76a97f20750933068f6d02e278dd3ae4e4f716ca11c804ce03c7b5c80a23c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
a6df44a1875d367f81d0cf5d0a697daf

SHA1
deca9dd6ac7151e61ae3a763d49a992bccd173e3

SHA256
5d53fe12127dc8152233cf2fea128f84b67a15a508477031b6f17e889d6516b7

SHA512
22a6367168093b2ddb6a8612885b0a4365dbf20cceb090f1c15243ea25e8261cd7d9305c94a5cf6362b9cb2ae391d050362f35d7e736c4c11f9aec0b82bf02c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4840_AFETFIEKGPVDMWBN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/864-8-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-13-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-11-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-10-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-9-0x00007FFFC2E03000-0x00007FFFC2E04000-memory.dmp

Filesize
4KB

Download
memory/864-0-0x00007FFFC2E03000-0x00007FFFC2E04000-memory.dmp

Filesize
4KB

Download
memory/864-7-0x0000022ADBCF0000-0x0000022ADBD28000-memory.dmp

Filesize
224KB

Download
memory/864-6-0x0000022AD7510000-0x0000022AD7518000-memory.dmp

Filesize
32KB

Download
memory/864-5-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-4-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-3-0x0000022AD7550000-0x0000022AD7608000-memory.dmp

Filesize
736KB

Download
memory/864-2-0x00007FFFC2E00000-0x00007FFFC37EC000-memory.dmp

Filesize
9.9MB

Download
memory/864-1-0x0000022ABCD30000-0x0000022ABCD58000-memory.dmp

Filesize
160KB

Download