2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
1267s
max time network
1168s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
08/01/2025, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808546445954572"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "31607"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1035"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "31584"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1071"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MinPos1280x720x96(1).x = "4294935296"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).right = "1050"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "31584"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "34747"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "5864"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "5383"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "38320"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1015"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).left = "250"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "22983"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1048"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "5930"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "5907"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "33648"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "5907"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).y = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2101"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "20289"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1038"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1015"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1058"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "34724"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "19245"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "20312"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\MaxPos1280x720x96(1).x = "4294967295"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "21056"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "20289"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "19268"	SearchHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "38297"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4168	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
3016	chrome.exe
3016	chrome.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4436	HorionInjector.exe
4688	taskmgr.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe
4436	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4436	HorionInjector.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	1404	chrome.exe
Token: SeCreatePagefilePrivilege	1404	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeShutdownPrivilege	3016	chrome.exe
Token: SeCreatePagefilePrivilege	3016	chrome.exe
Token: SeDebugPrivilege	4688	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
1404	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
3016	chrome.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe
4688	taskmgr.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
3912	SearchHost.exe
4168	explorer.exe
4168	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1880	1404	chrome.exe	80
PID 1404 wrote to memory of 1880	1404	chrome.exe	80
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 4824	1404	chrome.exe	81
PID 1404 wrote to memory of 1444	1404	chrome.exe	82
PID 1404 wrote to memory of 1444	1404	chrome.exe	82
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83
PID 1404 wrote to memory of 3980	1404	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4436
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa24ebcc40,0x7ffa24ebcc4c,0x7ffa24ebcc58
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4588,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4260 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4256,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4320,i,1247691453922386577,12958282633742000003,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:3188

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2720

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4980

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4592

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa24ebcc40,0x7ffa24ebcc4c,0x7ffa24ebcc58
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1304
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6873e4698,0x7ff6873e46a4,0x7ff6873e46b0
    3⤵
    - Drops file in Windows directory
    PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4288,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4416,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5152,i,15654093419698793767,10231915460866060553,262144 --variations-seed-version=20250107-050125.110000 --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  PID:5112

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4688

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
11d253b3a6f1f94b363fcb04e607acd2

SHA1
9917081d96e0d89a6c6997cc2d4aad6366ecfcbc

SHA256
20152f2fc1ca7717b9b858435b3658ce0879f28944bf822210e5ac5e148cc7ff

SHA512
101086c8c2805dcb8bb4e2a3c979574fea1cf0268859804c350f05a85945216de51bce90981a11d08c9a7043efee5130ede5c5a376cd86707dcc90c0e4f45334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0cf225cd-b8d9-4ff7-bf21-ce52b45fa484.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d4288d42d5301a258fb5f7835aa95c9d

SHA1
8ca6b5b50b18f3767e9161cfaa1f97b3044551d3

SHA256
5f77526de07ec8748ea1dc7ffac2c0bc9f82f7e67e4ae5962da9e23f6d4ba9f1

SHA512
f57c85e0ecc1b188d29020aa673aacef4ac1c59f3740b3f9ac5624f7ae58b69e032551481c762642384c19437925ae8e6255d8d7080990d7013922b1cbd00a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e52717641b5547fb3553fabb37aa7519

SHA1
14c0da44661ac0a1d70135083f00eeed3b6dad36

SHA256
11da213b309480cbadaa19f0506856c3cc4a06fad3bca3d4fc29e5a105619e90

SHA512
c5bd347fe5da77e7e7ad0098d0e842d910b950e9802b9cf028f20a188eab1293e962f57d4208b31865b02e685d070b4325138925f7559c385f1f21aec7f3e463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a311e4822fbb00e2ca75e09475b3ffa6

SHA1
4e52c2ff31996acfc6b908aa53f0f44bc4f65778

SHA256
be7fe5836a949ba118cdc7381107234c147cad23be2642962424b55f13fef1d1

SHA512
40f9f4ac34746d3eb3e7336f6225c980d577c91a3b1ccdecee6de42180ca5a6d8e6bddd26c219879c983ab98c9d116f82108f4619220614c86382031812bcd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
604f5362149ebdb03002681a2fb259ec

SHA1
5b949690e1f95cd7ba061dbfd4e75cd8758bbce7

SHA256
2053996bbc4cd8966b2813840091169f18be7e50d208a6de43e49a23ec0f4400

SHA512
d4c67968b543e5a4b667603e07df188764f49440ec6918eaa18160f531a38ccef2c3ec9fa3a813e125267e86f6b93c4d57239dac1abd0a322acadcfd7c4304ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
02d334bf575dc962f02c8cbe4b66fa1e

SHA1
62d640860707b77d0ffccc5f37e64b0152cc589a

SHA256
175d18c61def2a7a82a0a3754a4e789b0383be95ac2487b59fb5086a62e3de66

SHA512
d0666158960d1b10fd997de6eb2923fe4fca57a20b7d874ece6ebd98e5eb2198b189e774d399d62b66d0646146601cfa5a9fe3ce050648c0fcaa4fc86255a5c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
8bf32dd0619e08f197ed3eff51e0cd67

SHA1
642d0de8681e1db6b55bcd43e01f1fbecbda2a87

SHA256
be37ca1a8696a3ccc68d9b9eca63e1f564f8995566f2962619a97d108780a961

SHA512
73a2f35ca5118307d12c4932d9c7895bc76dfe119d6063669ba44bbcdf5b8b5d165aaa1eb5e881181783fe6fe4f25d47ba1bf74003723f926e46395c4f54e563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
026c5c2320a42893f2f3fe452762b161

SHA1
af45ec958ba0c6512ffaa1320546b5a04a524759

SHA256
5d77b740a367199fe1998bcae4be549fc9b9920a9454320f75ace31f47c81654

SHA512
7d0ba3fefe159e3714a3b14088a74188c024c0d5346fae040f1ae3a52c4b2d48e315708ab4b51d4dff3aae2063b63b851537310fe1214fb9623f81ceaec6c022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5262c421d9288f85c6a84055c9897986

SHA1
214f0ceda0b8c9c51f747e70e4410aa8de349505

SHA256
fdd3c0dc1f4ac54b441e802804f4b2ed551c8e401dc87c87878445e24e2cd69b

SHA512
b3806a4ae3950a8c736a096402cacb899d38f54d9f9dd59e8f80fa7f8737c367ffeb4b2a518e1fcba5b86b88768a0ecfe3435faff6fec91ed3bbe594a2232647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
52bb6b1a8d9db924fcb2ddb45668fa72

SHA1
12996023e66ef0ae44d4e8a36c5d6f1ec78a85e8

SHA256
ae324698ce5ffcd56026f3de4c29ed754e9706f1ae1029a0409b4a3998128b52

SHA512
944d29fee61a718410e5a45bb55008dd2a7b9107380def625768c849b31c325c9592795c53b7d5818e883c791d7c6e271c1691ae0805c557ab9f1d0c2f9c36f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
cfa172a650b84b3abdbcc47097ea7b57

SHA1
5b45943b506c37225942826c102fcca6bb743847

SHA256
74581baa80a130006b3dd5628aa4845b20089bb80a5c5710c459e2708c95b038

SHA512
fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
d402f7620bc66805bb92f7dc5b7f4ed5

SHA1
dd737db01670a6e7804db73e6a41c3df76e517fb

SHA256
698111297b326938f5bd3955f8f61869cd8605a9a3c36949a16c602f5b1ee07c

SHA512
9dc854ee895556e85d71c4e555c1dc3a5c7739aec598bc35e2bb01a67a3b306d614391b0a719da6aa4446cf764364375bb9d93b30fa497552ec95289470ef394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
f40a27c169bef85bd34fd1bfa3b532e9

SHA1
d4a6549d232579d01ddc4e1bf1c1c18293649ac2

SHA256
256de7c01f6484b07151d9e171a49da8631a29f908e95883782aba5a30ea4951

SHA512
b894aad83e2e5f8ab2c63cbdc42f4e22054b911d25783017562a2ed855e5dff38066574968c8e9b5563de97c915b7e72859a6a4752b464712b4fb16ed67520fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1df81a4e937d3dd3bca0ce0b17e3f895

SHA1
0d3bf380149e2bebbc3f05edca1938482c570267

SHA256
63f7b0431067441d726abbc81496004a9d8927a716d9d12d1ba93ed0776b97f0

SHA512
f0737b5cbd177229b7f822b6655f93a412cdc6d95d8c55bf0d4bd93119ce43d59c5e2718b1603e99c42b5eecc9c2cf1579245920ad05609d672efc4a18d3c560

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9a843796e2855895e35f4e617bee9edd

SHA1
3ed21f8f5069ab45a7384671601ceae385fddf0c

SHA256
2fe80f4c517c04f9bdea721f702e3e8158c00985ae678c3830891b6b59f2d98d

SHA512
7ec106f7e676ddc6f9c5f669c4a575b7628f603cf51923fc4407f18ea53952c8716f7cd544e1be0ee69292d1c7d385ea2f95a2e7fbb71b72be1a7081ac520aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
f8fee3f70c30fc9ad75761365fffd3e5

SHA1
6985e172ed77fb4c7f831a3062819be7bee96e3b

SHA256
d4d812cd1b58d391e0f94d76668e8e829a2fe6f1a03257560147e2212e86497c

SHA512
16571fcdc1cfb174ca5907adbbfde13a459f177c1b509ec8ac3064b262aa5f18cc0f1a5e91d462c6d41e7b9a229fe454aa715f6f9ddc1fb3f4d5bc325f991412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6289d92401b5fb615167953ac3d3121e

SHA1
61803298b75bd22b96c60dc170c24d053778b83f

SHA256
013cd95545885a48e8c8c399d98dc88a00ea2d3ac2974ada690b96c0b8ba4dc3

SHA512
f2fc851da21e938f377a0e156895bfc615b3ebf79f949ac37169accbb454f69b6fe113ef7b22cb50ab6d2366878110c11f2504b1007c91da3a8d6cc90ce1b18d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
18317a5fd233941f3cfc918c690c775d

SHA1
7d85c0e794d8df1404403f967fa021252ba32973

SHA256
15f4cb569378be4009fb1fc5c1ab9c3c7efde57d31c93b649a0a54ecc3189fe6

SHA512
5851a8c06d460e6d8a7ccc9770a7b9859cc5e1e7e44e2aa887660069f435d80c2404234ca72f5c13343f38658f3922767b77af7790f2a84c2b3bb6d46cf89b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbc627ad0d0ddb8ddaa5d8bfea6a607f

SHA1
badbc5e48c5e14770fe3b99c3d0b4973d7041bcf

SHA256
95b9e8eb5adb27477bebbf60c198e3e372c519a8e19b1a8d2274252c71a91df2

SHA512
c84f0f2ee6ce717e7a9b891bf34da7874455eb531f7fa4df79d11dfebae1daf89fcdd453ba313c87e95705fd7c8389495216b6864f717bf1de26c1166b336cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30740377178a6965bd416abe50a0ee08

SHA1
4c1dda02b3cf1a8e74d5d8102b8e26c7d56c84a2

SHA256
77a3a9a6d23b34ce3ea40b6c8a1152acd5873f61a93e2ca080aed7bd0caa1349

SHA512
706992178e49462673058022fcbf8db19f6d0b56b03c7f6bced7641a500ea6cab8320d8a76d669c9719dba12ff872fe62d24f11d961024c48200357c2822f394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e389c02867137332b79dfab2d5696320

SHA1
d965575385ac3184e515712620ec1c8ac9b7992b

SHA256
c5ac50f60aaa8d5b78b14312db254a59de198d434c8fdfe2abe4b82130ab2246

SHA512
05c532bbd95874dab3eb0ef4fd20a479d9cb2269db6c8bb06115d2142b3b31dc6aeb6cff1ba246bf639edcdd95d8ac6c675cd0168d8bc6db7b617d6b690ea846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dd5bfd8e99d29973c95ca2dcab8a4aac

SHA1
90e2fdbdd599154e7610bfb589461e26703b99c3

SHA256
5d1a861460bcbefc40ab5352969361b0c9fcc08145990b096add16b4a840fa00

SHA512
2ab7597d4cd437d7856710cc41dce4578ad50a71241610f3b5628fce04a47c29fcf88bbd9f425e99a3c7e535c25edf1353ed0331b4d3a77c9560a749df2737ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a46df1c26a488d1ffbb84dba67c94344

SHA1
6fb42b41a4173d18f1bafdb130e52186af7fbba0

SHA256
00eaa2c80b4a6a0b057595bdc7fd99fe7744561e7dde48a94b404a46578d0420

SHA512
389c564c58e143f450a3944cd9d5fd5ad97af2327175fd8eee2355cb85f162d02a719eca9381372a1a2bb34938175f9f21016fdb62e12c46bf1440a51230fab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
d6ed1fa73f905e6385b5e1e80287b745

SHA1
6b1deeb930258c770c1cbe52f0ef4c1a20ac6baf

SHA256
cc587fbd7cb5edca7c0632b2e8981b6b282b6374a891968e8eb4a1abe4cbe10c

SHA512
9cc3b465a9b681da229ca9d62bb9468c66eb429b520c180d6793d24bab10ebe1ebc0522f5d9caf679a96da20bc3fc2f716ef855b20c17b6406d41e929c67fc2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f1fd763cad14e82881ea8d9cd3c4f014

SHA1
ddcb7a5b27860571480f5a81a754a330890a5372

SHA256
35e51678622651c053145921c412ea35ca25c7b778444e4e3cf22d9f54f94b83

SHA512
f2c0f72ad48b06ffb3ed842f7e66306ec37ee53c0542304c77031bcc8020723dba78869959e83bc99521dacd28f879d1aa4d7e637a9acfe3da50438b23a876c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
06b6b0b5f4355b2afb3a062549c9b100

SHA1
0e334d36c347dce872c0bd91142f5c07a904aad4

SHA256
ced6b6a0c018f299c1262bd2bf615e3d0d37d11adfb0a80f4101fa81d1767879

SHA512
58409c179efda275e76fa6cb64c12ea880d63866ba820ce774539112750634c9546f198951a0c1d1f7feef16008b74e68ed3e5fe8d0cd8e8c1c37700cd9aabe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13380854643737894

Filesize
2KB

MD5
54d7ac0b7c3959e2f5f1b810955dec26

SHA1
990f955820fcdda549de37b58b60e0a4d984e0ea

SHA256
ac985b08be88634bb2493bd19c990e7753ab58ab41b8364a27c52369e3f17218

SHA512
6e8594843e4ddc008650dfe364b77d880d22bd57aab533136795531bf6c70ff0e05d26a26750287baefce5c2e70489765a1ca78c843fc72812087c8c37affab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
094b92098315320cf16d303c95fe9608

SHA1
7395f6e89d978a8b5dca0f3c17623c29c5526079

SHA256
48d266913bdbf50ff0f001d0460ae116282106aa120aef1b3f119389f49bae4c

SHA512
88ad2f571b70e2377b5ae7b0c07f943965221e63da44e01b72fe13b33dfefef58dc6e5df0409d29136e744a28169189977e97fdeecfd6c74d78752005d087fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
9e8fd36b715a26889db70afaa0d5598f

SHA1
30506505ee84ae387930f3dd1e4845f4f95c3f2b

SHA256
577720bbaa4495fde16cc5e295b0f84cfe66fc465451eac66739ef1b1600d1a5

SHA512
988d891f15e33053387a44145d487d977b176cdaa70f7015ea5743ce99f4ad39b4dc97ec442ae3d165b1ec7a1a2f797c7878e783c3bc8cb0598d96be6bf7df57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
2ba0d6bc0e682466c18f293a79070683

SHA1
b3b6e33bcb641fc1c13da874ab65ed51a8788ee2

SHA256
82528088d97488a347e60b6e2609574152819d388f815cddbfbb1d2e1f7d8229

SHA512
193cc7ae1801e1c8eda5867c2ce7796b973bccb77f3833c4b427c391ff7bab824caf6ed9481e273e3d3a5639850417026e7875d760708f721eca7e0b9b16a6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
f91685a08ca5727e600f69c23db641f7

SHA1
1cd18b07521a2fc545bd1ec95bb53a95ac18699e

SHA256
8e982838181a4f10c284cb35fcf7af2a207697da841b04bf09cf60d695908e37

SHA512
f277fd994b9cd0a7cdb01701d3dd1f10709f2253466671f97eaaa524b93b7d08740d447e98577be0368f5fd0e6463a4f206df759bf8267ea00558610df3f9bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
15KB

MD5
3172edebb0ab251f2d5157398cddeb23

SHA1
dc0913726eb48d652f41f130b4885ccd73714535

SHA256
5562a58eb1c578bef379b1e18301f9735ead8aa210a3a0d752bd001c59076d54

SHA512
411834185d26117e5f2cd7afcc39cda8aa77dabe0d0d620f570fc95847876cec201d854f1cad2fa309f4711d1d05b2f5b442fc3718981ddad7664f964885cfbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
4998679026b0544f9952ebd4d2a98f50

SHA1
9813585a7188d0e5f8b954b21510bfb34b587b51

SHA256
1cdb04be97980b8334ebd7b66e17b849750878c5ea0ed191ec1d01aee562fef8

SHA512
2d4f32deae9f4dd69702398066c94f994a40593705ff4a29eb4b65f0d6483788612b2acbd8d4d1a8c405df2029ff3a2d7a1821ab318aff123f174bd2e5d9693b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
ace12e0f994a270ec44d4a814423de21

SHA1
787cd1129ed7268e96d81f618aa9c6ca7f1cc345

SHA256
d5f28f451fe47fe914b56e854bddb0a3ad2574c5cce20d00733f1f10abbf3089

SHA512
8f5f5bc96bef4a5014cebc5310aa0ef6a4c00f474c26ab6497a75a1b85b33aa8f2d28176f452e6d9df6015678bc6f1b45c6dc3b07c56bdeb5bbbf62ef9a44ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
2d0954e155e6f56acfc2c7b5abbfa2ef

SHA1
83e302f639ce7df83c7ebde6f89c1479d692a8a5

SHA256
6ab4bf236ee5d345b5049f708afed8f341508b830d3f10fdf8ed7bdd829e9aee

SHA512
c9293f32ab45f6749042e2e904ec92f47b738d18afd66152a98eb3937df2f49a568edeed4794d0b34b5137add6f501e7522ce689664287bd10d2e4a721ac392d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
155ec7855af344a1be0506e2a84748d1

SHA1
7a96868e341ccab4e459ecc90d67ecc120279e68

SHA256
f3326740a61c31e687158b00fcebbde2467dafd0c6429208095ce4d7845a21a0

SHA512
7fbf2105d301b96eea2c8e9cd9f2f3db93fb99e0e94dddc141b8fe23ca2fcd9a7d2c3f11eeeef761df22f8e8d76f3c7f39c8286c6599b74d6cf7b0b30b5d3d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e20cf3a3122f48ea45c6d92e0d1dcc9e

SHA1
8ed279681f990c7c76ce6120c5e11e176d2c73df

SHA256
9343c54fdebd5fba225402b25a81f108804980498c77ab496ceda59befb0d04a

SHA512
053e9ec9722c51c10121eaac8465472a7a2fced7ed9481f47ad7a56b243f10a2784ff044b9769d4a7c3fe6140a4f58db4fd9bb43a1a6cde00e53f943093f0f3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
0a10acef433b6d4dd622a083fbb85442

SHA1
9a19aaa7c84819d3b95fe8b3eee197e945233b6a

SHA256
47ece6ec916e20cc134d1a859fb3d68dea73dc13621cf7868ed82de9c7d216f6

SHA512
79a0e1702bfa2ffbe73b725ac54912a42d05f48ee7e2eff8ac4e0c42174a351b66b0e3f1706d61d3ff50efa7717be9431c5867589f3972dd0f3dff264c8187c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
85fdb23180c7a517f74af74c326826e1

SHA1
b4aa5c808dfe6211c1eb37d17377ca2e81b6e744

SHA256
c13d01bf07fd1047e44c0cf1d76516e191aee719c1caffb45446c45c3a440e6d

SHA512
41a4b1aa34b8131a44adf76d3bdfd2143df8c07927490f31018e34e3056446e9d238054af091559c43112e5d3a3ff1534c4c7712ae4b0e47539246ba4086c680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
639447275aa1fda573b3bec0526569fd

SHA1
58760098c222ed06e43544fbd61475aae6e3f47f

SHA256
6c9aaf699888c25b0197bcc5d91ae4ae724bd2c138476134bd7effc7374d0571

SHA512
22fb3545857a8cb85719736b84ccdcfa7648fd627068e0974ab49157567746b1a8ef40dd88e8993e99c55ad40efae53a7f992459b04aabf366807a18eb6a857a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
c99d4e9910979eb11df4f4f57ecf09db

SHA1
5a0987d255832a6d732a10374ee72d6f56cc9049

SHA256
e39c1d09c7dd28806d2ec13c735fd5c472413d7e181770e5d6c338786c44d084

SHA512
31801fc8f20e24ad25fd1a556a8bcf7cdee44e21509a41f958fe14b85a9d096c2edfd65385a1c3b0770892e1dff70e1ecda17cbae2b56f734f37879513e19987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal

Filesize
12KB

MD5
c60aec50377ed9eaec409a23eae8e8d5

SHA1
4dd97309403fe75cca14ac629c25ee7b88c63e77

SHA256
3fc45ea37dbc3eb6b07556a69cef78906ad5f1ecf98aaaade4bcd5401f5101c2

SHA512
30957728fe93bef1e331685ee375650167f081718ada2cfbf0cc241ee56b43dfa91043fcce76636917dc8e2227f8688f6e94673f3cca4aea8ec4068b9a6608d5

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3f5d4347-b7e0-47cb-81e4-457140e18435.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\JGX6DE9O\www.bing[1].xml

Filesize
46KB

MD5
fd3150606cfb308da82ea57f8c2ca3c4

SHA1
eea2614943ce59e5c01f6506348fdac64c89ca84

SHA256
a3167fe3530d0930ca2ff4aba96c9e23fd15a8d3b28abc31e56d99af7bd1266a

SHA512
55b0f3f9d3773044aa39ad0aecb396d8f36ab3d6185bc32bbde8e31a6c61d05039541e2c13d5fb1882e205789221b3b14dcae92dc04f2348b3ed09bae004ea14

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\JGX6DE9O\www.bing[1].xml

Filesize
37KB

MD5
a3fdf2adcfb0bd5d1e9b6727336a0c35

SHA1
84b6fb8c1625725e6781ece5a397ac2fe1860975

SHA256
ddc994bb58585954ae9ee019e4a4bd88a8cbe80029b0342ff911ec65664bd116

SHA512
ddbb33e6528de44176b3782963b9ccc10d6d38cfa98b7915daad2cc30a2e73611c98afbbc2bdcd8f8a0581942211ec9e2ee369293d0d688027ba2157ac204b2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\JGX6DE9O\www.bing[1].xml

Filesize
3KB

MD5
dcc13d57468f6e6e3c92114d6b6ec20e

SHA1
059063e63208fd60e654b481ca58dba9cd5af422

SHA256
4b422c9bca1d7c4c18c025e2c3c893f5008eb500b3cd4baa8cc9dd64ce993e30

SHA512
5dbb594be626ec0f02e50634a98a784c37486ab12f06399dec2f57d629b7621e3e8e40d44f0985766d08d387451e7671cb212838289a617c8c693f7ed73b8e61

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1404_739415730\b1c3fafe-0978-45b3-8c0d-0717bc4e5eec.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3016_360903476\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3016_360903476\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
fdd84176e246824c748bc9ea6bbc3653

SHA1
4c2fc398308428a257d743153b3a2a90fc79b3d5

SHA256
e2acd1525dd716d55462f73a122e79070d0b12f2dae3da8b4b83d5ce59e568d9

SHA512
da48ae01704f3fa61fc5684f9638177d511fbafc3c782f9d61066e18fa82a036c25c4691f73d3266f53ed496f87b6484195370f39b34248acec16c3ae3d635fe

Download Submit
memory/3912-2532-0x0000023E71CE0000-0x0000023E71D00000-memory.dmp

Filesize
128KB

Download
memory/3912-379-0x0000023E73600000-0x0000023E73700000-memory.dmp

Filesize
1024KB

Download
memory/3912-283-0x0000023E6EB80000-0x0000023E6EBA0000-memory.dmp

Filesize
128KB

Download
memory/3912-284-0x0000023E6F5F0000-0x0000023E6F6F0000-memory.dmp

Filesize
1024KB

Download
memory/3912-2357-0x0000023E719D0000-0x0000023E71AD0000-memory.dmp

Filesize
1024KB

Download
memory/3912-285-0x0000023E6F320000-0x0000023E6F340000-memory.dmp

Filesize
128KB

Download
memory/3912-236-0x0000023E6EA00000-0x0000023E6EB00000-memory.dmp

Filesize
1024KB

Download
memory/3912-2088-0x0000023E79220000-0x0000023E79320000-memory.dmp

Filesize
1024KB

Download
memory/3912-2356-0x0000023E6FFC0000-0x0000023E6FFE0000-memory.dmp

Filesize
128KB

Download
memory/3912-182-0x0000023E3B610000-0x0000023E3B710000-memory.dmp

Filesize
1024KB

Download
memory/3912-451-0x0000023E71100000-0x0000023E71120000-memory.dmp

Filesize
128KB

Download
memory/3912-2330-0x0000023E6EA00000-0x0000023E6EB00000-memory.dmp

Filesize
1024KB

Download
memory/3912-2292-0x0000023E79220000-0x0000023E79320000-memory.dmp

Filesize
1024KB

Download
memory/3912-466-0x0000023E75C60000-0x0000023E75D60000-memory.dmp

Filesize
1024KB

Download
memory/3912-843-0x0000023E71080000-0x0000023E710A0000-memory.dmp

Filesize
128KB

Download
memory/3912-2086-0x0000023E79220000-0x0000023E79320000-memory.dmp

Filesize
1024KB

Download
memory/4436-8-0x0000028A4D390000-0x0000028A4D39E000-memory.dmp

Filesize
56KB

Download
memory/4436-6-0x0000028A4CEA0000-0x0000028A4CEA8000-memory.dmp

Filesize
32KB

Download
memory/4436-3-0x00007FFA38A80000-0x00007FFA39542000-memory.dmp

Filesize
10.8MB

Download
memory/4436-4-0x00007FFA38A80000-0x00007FFA39542000-memory.dmp

Filesize
10.8MB

Download
memory/4436-2562-0x00007FFA38A80000-0x00007FFA39542000-memory.dmp

Filesize
10.8MB

Download
memory/4436-0-0x00007FFA38A83000-0x00007FFA38A85000-memory.dmp

Filesize
8KB

Download
memory/4436-2-0x0000028A492E0000-0x0000028A4939A000-memory.dmp

Filesize
744KB

Download
memory/4436-5-0x00007FFA38A80000-0x00007FFA39542000-memory.dmp

Filesize
10.8MB

Download
memory/4436-1-0x0000028A2DCA0000-0x0000028A2DCC8000-memory.dmp

Filesize
160KB

Download
memory/4436-10-0x00007FFA38A80000-0x00007FFA39542000-memory.dmp

Filesize
10.8MB

Download
memory/4436-9-0x00007FFA38A83000-0x00007FFA38A85000-memory.dmp

Filesize
8KB

Download
memory/4436-7-0x0000028A4D3D0000-0x0000028A4D408000-memory.dmp

Filesize
224KB

Download
memory/4688-2290-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2299-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2298-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2300-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2301-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2302-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2303-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2304-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2291-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download
memory/4688-2289-0x0000024F87B10000-0x0000024F87B11000-memory.dmp

Filesize
4KB

Download