2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 17:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685617659854988"	chrome.exe

Modifies registry class 19 IoCs

Processes:

explorer.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{3F3A123E-DB5C-47D3-B3FE-243F737FE229}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	explorer.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1724 NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

3660 explorer.exe

pid	process
1724	NOTEPAD.EXE

pid	process
3660	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

HorionInjector.exe

pid	process
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe
4924	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

1116 chrome.exe
1116 chrome.exe
1116 chrome.exe
1116 chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

Processes:

HorionInjector.exechrome.exeHorionInjector (1).exe

description	pid	process
Token: SeDebugPrivilege	4924	HorionInjector.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeShutdownPrivilege	1116	chrome.exe
Token: SeCreatePagefilePrivilege	1116	chrome.exe
Token: SeDebugPrivilege	4956	HorionInjector (1).exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe
1116	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

explorer.exe

pid process

3660 explorer.exe
3660 explorer.exe

pid	process
3660	explorer.exe
3660	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

HorionInjector.exechrome.exe

description	pid	process	target process
PID 4924 wrote to memory of 1948	4924	HorionInjector.exe	explorer.exe
PID 4924 wrote to memory of 1948	4924	HorionInjector.exe	explorer.exe
PID 1116 wrote to memory of 1420	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 1420	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 3616	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4620	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4620	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe
PID 1116 wrote to memory of 4504	1116	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4924

C:\Windows\explorer.exe
explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
2⤵
PID:1948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1420,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
1⤵
PID:4572

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff85787cc40,0x7ff85787cc4c,0x7ff85787cc58
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2520 /prefetch:8
2⤵
PID:4504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:5148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4476,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:5344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8
2⤵
PID:5712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5188,i,10500825478862673580,6059397737245271033,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4672 /prefetch:1
2⤵
PID:5840

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4724,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:1
1⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5144,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:1
1⤵
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5600,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:1
1⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5748,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
1⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6188,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1
1⤵
PID:5636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6012,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
1⤵
PID:5744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6416,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:1
1⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5656,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:8
1⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5676,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:8
1⤵
PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6636,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:1
1⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6860,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:1
1⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7012,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:1
1⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7176,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:1
1⤵
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6704,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:1
1⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6672,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:8
1⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6692,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
1⤵
- Modifies registry class
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7576,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:1
1⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7812,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7332 /prefetch:1
1⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7400,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:1
1⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7716,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:1
1⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=8096,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8116 /prefetch:1
1⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=8000,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:8
1⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=7984,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:1
1⤵
PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8484,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8788 /prefetch:8
1⤵
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=8972,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8856 /prefetch:8
1⤵
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=8188,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8124 /prefetch:1
1⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=7592,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8840 /prefetch:8
1⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --field-trial-handle=9012,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:8
1⤵
PID:5676

C:\Users\Admin\Downloads\HorionInjector (1).exe
"C:\Users\Admin\Downloads\HorionInjector (1).exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4956

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\HorionInjector.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5912,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:8
1⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=8448,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=8184 /prefetch:1
1⤵
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=6412,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:1
1⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=6020,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=9092 /prefetch:1
1⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=4372,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
1⤵
PID:4688

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
fd20ddcd95e42e4e8db5dfa41826f93d

SHA1
8801eb9d3588d44acce929790270a058420a8257

SHA256
5a73ee45b00612f96b0f435bec2fea5ad5b9a579c8d594897858e1e669d64091

SHA512
8b9b0600d44f13e86a0f6def2ea13b98968ad3877b40a3d57ca844afbc5ba4003442c68a1dcd9e166183c8ce5d47b549eaed4c49f81ce9f7c4a8cf026bcb0343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
d70716558fce316a5e5b748210fe49a6

SHA1
c27e34484aea3baba6794b517cdb9bc495c352b1

SHA256
c5d6357343110c3e40959aa6d59eb5c9a4793f300511486449581b5e6d1b40d6

SHA512
4e666a3bc498496740433b000dad08bf160fc035b0cbf1e88c949eff9dcf0be650420f64ea9b4816c84c6dd9044e1241d366342805d70ead4124abd111dc783a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5d59c274a262c9195dd6280d179ba151

SHA1
08e087b2fcc5238f24ce3d54a9f4c31f591d92a3

SHA256
ccf967c825a4798502cf56e464bb4f1869c9ef6fea45d4c359ec3f3fa503cbf0

SHA512
926332172c430e8812266362af6c9d0f114092d375c4dade68e7b4f547d86531062b51f650f9f6bbbb62aaac6870dd8de42dd5cd5db65c8b99803e4f25a66478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
10f910b39779038833d9d319ba02f132

SHA1
8d6a0c7f4296eacedf89d633f11cb216628eb69d

SHA256
5b48b0e479d1ded4ee2eb231347acf8e14c6844ceb6b4a2fed768663906c380c

SHA512
2693967462cd6169030e0feb438f3741f557f33cb99dc9406c5d93f0ea6f350c129f6d2a8c0efd3c9aaeee8eb5fe06fa907e6ddb18586de3351abc205a59002e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
76f99c93b791b24093812da724855da9

SHA1
0d995af09beaa9dfba9d8ebbf3603539e27784cc

SHA256
1fc33ebbbe07302c67872b4b65586107e0df435e9161cf06d3024dded72fa1f2

SHA512
2ac164e42769e7ed67765a57ec178a02d0932fb533eaf629010e7f10b428773a6744f5babf366e079b52527d1ec06eb8e6c9e08642bc36dd94021b73a3ad4dc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
11299036f79720356357ed62a62a0c34

SHA1
a63c71a2ee0d0662732be2459310b51e7362f24a

SHA256
97648b529b4a38c0e71c34df6c6b19b3aa2361a23e30728fb1db171fb04da676

SHA512
23667109329fc9a110838f28caac46f45663bd357ebb46fef10e4a7f8b733ae09347233c2f9cecf665b9edaace66549f373bf4d030bcae79b3f0154ce8bba953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
9c31633d4b1749992405810804a193a5

SHA1
03558f56588dc750bf5f4d0763672105b6a058d8

SHA256
392a209b47938a87b4a2d2ad94e5dda4e42b8838c9329e29e777a868dc9b2853

SHA512
3b25a172c1eee4e3a463ac8fdfd26702e5131e510120b9dfea50c3d319d4a900e65d89d251ba0dd4f3c32eae97c29d180db4b162d3fa5c9d03289778e8ef5e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe2fd141-9c0e-4583-b6b4-81de7adf4d87.tmp
Filesize
8KB

MD5
71d52771d8a51a87021d0b3ac052090d

SHA1
41d3ad9b66d893bde96961c5212b7dc4622d9d45

SHA256
e788b980ff5d9ff8ddec47c16927f36fbb18e2d5d60a49876088402489ed4fc6

SHA512
7b1cd939a2e2f5b9006579886cfaacc664b1de9ea97493291b1f1cdd2a305e281d9dbb57547b47f88742e172faadb4ee546d0bcde9e15d8e245ea82a0c292684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
402035dd5d3c07e30b0592dd81707cd6

SHA1
956e9fb3158b25f62b9c4262074f14cefe53ef54

SHA256
b12e6def29c2be9079d312534154420f77e85e0abf9606ac286a694d05c1c1ac

SHA512
10d9210fa02f5ec824ba82c1ac4ffe70b56fca7a7cd5fb322323e4e0a8397823759beb44278a4f055dd8801ca20a1f7e5a6abe03ecdfef0db08990a80e2bb952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
c0787c0ec74a101f8ca6d83dc9e4afe6

SHA1
923751b420b9a70bdc847c674e3cba3c33362d00

SHA256
8f6b729fde6872ed011e7202b134a8ce06d852ea3de2cc7537126438e8cc042a

SHA512
af5fe3607cd0c0e9915de80f41466426c68ab60dfca4a59b4c9b17eb275ae4cc89b829cddc72775a13fb5df693a8ffa58d6aeaedfc1d7ebc6e2d840acf672c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\crashpad_1116_XJHMBKFHIUQNIGUT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4924-7-0x000001C9C4430000-0x000001C9C4468000-memory.dmp

Filesize
224KB

Download
memory/4924-6-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-16-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-11-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-10-0x00007FF865963000-0x00007FF865965000-memory.dmp

Filesize
8KB

Download
memory/4924-9-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-17-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-8-0x000001C9C3E80000-0x000001C9C3E8E000-memory.dmp

Filesize
56KB

Download
memory/4924-0-0x00007FF865963000-0x00007FF865965000-memory.dmp

Filesize
8KB

Download
memory/4924-5-0x000001C9C7AB0000-0x000001C9C7AB8000-memory.dmp

Filesize
32KB

Download
memory/4924-4-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-3-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download
memory/4924-2-0x000001C9C3E90000-0x000001C9C3F4A000-memory.dmp

Filesize
744KB

Download
memory/4924-1-0x000001C9A7EE0000-0x000001C9A7F08000-memory.dmp

Filesize
160KB

Download
memory/4924-207-0x00007FF865960000-0x00007FF866421000-memory.dmp

Filesize
10.8MB

Download