2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13/01/2025, 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133812180076904066"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	HorionInjector.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 5136	4868	chrome.exe	80
PID 4868 wrote to memory of 5136	4868	chrome.exe	80
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 2776	4868	chrome.exe	81
PID 4868 wrote to memory of 6140	4868	chrome.exe	82
PID 4868 wrote to memory of 6140	4868	chrome.exe	82
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83
PID 4868 wrote to memory of 5700	4868	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffba50fcc40,0x7ffba50fcc4c,0x7ffba50fcc58
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4380 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5236,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4952,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3516,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3472,i,1528670358934761305,10764032325567381881,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
abcfa05cef1d26a4437e352e1d966f2c

SHA1
201db31e09e9d846267c388e6d2acf28bc5e2e09

SHA256
419a52cac8d8b9ff588b95107c15e423a5921403c271f61333f437dbb084963c

SHA512
d4130dab4f7967e860a2fda6a16d5325f57757ae7ae5c4d29d01dc1f420954b01dd27e16afc1ce65db610ad60b1eba0cca5b27862b8cebd54d8fa654c4cdc154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8a61af90d80d04c177d37b6fb121d595

SHA1
20d3f5e1efaa7b6d4749b6d72c8db0aa6697eb00

SHA256
863a1a5b4dafa66543a7c308d0c96af6ca04cc67cb414d16c93673f044de55f2

SHA512
4f3197ea941acd49983dde9976ce355610e24abdd53ccbee1bf284f1716421ed3478a7ca24979215559f2128e3358b9b1408503bd603276f4ec6d24919199a11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
080c81b66754aa562750371594e40bda

SHA1
055a7da1da8acb3c23f5c2331984983fd2ecf490

SHA256
6ba15c7e930d8d1d9c92951930c9af9acdd67f820757e23e1cfe0a43eec32aed

SHA512
b2dc89188334939bcc7787da6f8f45791e7614ce1e8875d3ffd2fe6a7a65533090462b53c4e1638e30ec332a9455cf3a5959c05dac24bbf7ee4094d9c7c8fe50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
36d468a0342841356875a8c6a5c36ce3

SHA1
2ef2746886bb22478e272742af9bfa39ac928f75

SHA256
3e1153d5b3cc3f90964f2bf0aad1b30c72461dd63c9e467d2a47ee08967b7b3e

SHA512
e8b902704d26ed4368b7c0a9191dca72a6c0dff9dee63c1f0c3728b7e460d2c75c7ceea91eaef7ce7119c5a8885457510149432fd61a7130bf902b28c622971a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6c240bf0-5414-48d0-8a0f-6ab57be5b697.tmp

Filesize
1KB

MD5
219d0686ecd0c9af9552ad3e9c87303a

SHA1
7e499d4aba3e183dd3997edb53bbf438d14a8cb6

SHA256
feddc69fc1fa61cb2f6198e2f7dbf966b5cb0bc9bc67e963146947fb956e38e8

SHA512
45e1c16627c917fb2794bd586c52bcc350829d0a84930707d6aadf9955cdd1c3ee34a48ff95be1fb362be2812b1e3a1225e2b6189644449b5ff50b32ff4da6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
93a4ab4dba1b631a80ad953a0622cc83

SHA1
38c967e15977a19a1f93da6aee0b8bf3692cf66e

SHA256
bb5d67e686744e794c164186a2ddca71f8a700c436652c3dda594185672361c3

SHA512
dd87eac5bb42e9f7da12d1897a79f8680fe749e34e5a64ef43b00427f2ec5b9b495d69091b09814331668f42d7a89c81aba393aebe93fbec628d740c261b0259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bf3aa91dab10606004e462a6fc625457

SHA1
d5f2c2fa7a4709d536cf3364c82cadf89b9dadb7

SHA256
295e8470ec38bd58357ae5b12f2ff1cc7a140898983716fb32ab330e56e66d64

SHA512
70db9e31d667368dcb0a7c7c54da14d2174402d6d8cba6fe67d7885ffac39c7f25574c53a3d65532bb0d560f877810027f5fb0578f4ed1734439f34fccb7421b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0b77d8601e01c5def2b2a294d816cc5a

SHA1
0afde3f34065984cc3100ae8fe49789a3d6dbd48

SHA256
072db8683b17bb584694bc72295d90934df5e2340fdfce17495cc914803a526f

SHA512
51a0638eedd75a1faf467a9552b57ff88773e3fd758f232f092697b1446db49ebb3ca5e4cc727392ea053ae2ab65f8338caf68c24e726ad1cec4a4e2b2513a61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9d6bc0751f288e29660a2424d2ef86e

SHA1
9dc28ce3e3ac4057696bb8e260fa877656366598

SHA256
4cf16d2469ec0a38c160cab5ce72015f55579ce2823b1464d8fbf771af28809a

SHA512
8a1e3f7fdf11745741affeada64ea8860349adb537ba6991890479e0a8daa143002483b293ace87151b85c7d8856108ddefa3f76cb07e8d8f3ce4289f12deb48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
69dbcbb41659930c2e80c90d3faa740c

SHA1
ff87b26d2ba7a2350eb27d1d0ca193feefdea174

SHA256
6d049f3947a56b1fecc829d927eed27b024e9d460a60ed044c496752f517b200

SHA512
c16d7189bf30fbc3f566468e4d575d5bd1bedff621b447e3aec204d5822469a6ef0163dbb5fa70ad091455b4a4ec6d0d2ebf543c59d355bf830954277ccda0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dd8ef74ab9f9ef0613e626e73f59443b

SHA1
c08398b3c2ad946e01555f3efbb5dc2d52f900b4

SHA256
43f69a43642197b31ea469b6d71f45b6015c8d01641c3aefd6f9841a262019fb

SHA512
5aeaa01f45c1667169b8d6287b1b05339491e0677e0b5a4b750a16662dd266e4618c6e204aa8e4b63df2e96c7f09f40f2bc4f18200d72b00b36100282aeb37b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cadb325787e29379f0129203a6a4c74b

SHA1
3be01c8b9d0f9cd62d2c5da15aed2566df34d580

SHA256
9014fd4619eb4f07e07203807ada94228acb96780bf47c58c6e3a0cc572fe874

SHA512
1db2ba3969f63baa8762b3fedc49401b57625ef9d35a46458b4d19f78f2b19ea2152849b5d7c65efc68d1f9673035cdd1303f19b31b6c8ccf301fa87f8f41746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba6801f7c9ba0514832ea4533dc15cd5

SHA1
18a5f0923e2a3617aa2b7062e4a49c9ae8d0f63c

SHA256
d15ec4fcd28c731208654caa5db4ad8fe831a49a96c2ce2c924216829e58a833

SHA512
31c1a6301366691b1d033efe1c204f0917b781b4eec726f1b9fbb5657e826601486fa2400152dcb9fc45ff5e51b175d6fbec8ef493594b362d33016c1812d8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84386de7b12853b0ac22e6c98f1fc5a3

SHA1
16f25dec9bfab86aafff5c0ba1a8650a47ee13f3

SHA256
33c669cb1bb9e16fe38eb6dcebeede6550472cfdf91348775ea01de5bef64d0f

SHA512
0fcea77f4166a5ed56a6a36e4478bbc1ef4c9eb2682682e0d2196dc69863b47d7eb1bf5bedc3586578df71bda0a10cd5951f38b4eaaf93e2581c3a7af0fb68e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
431b9d56d5b868bf9f0127e40834b56c

SHA1
435e0f8b17be69b63c77cd3ab583ec453369540d

SHA256
5011b556ea8badbafaece887f25b29660a99e6ea38753a7d1ebf2c7c58d7467c

SHA512
ee2ed17d42b766fa788d203147939780a8ad086418ced93805aeefe0b51100a8f5a46d1b6a620d519aba574a7ce50c9365680a5d6b81b145ab62551bef82aa42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
847ed8d08cfb8dcce3edc05f4cc53124

SHA1
468427ba80138b6547e69f62d4d02bf5f510a715

SHA256
f3a587df099feeba61f98e807fab23be1f7f8536829987bd7cfad5f399cc836c

SHA512
132ddd1da0041e21616f517ce9b576825edd446200718379726a69238c0d1a5a2ce6b3eb0422c6b96cec883b82c6e7d5d45fa724c00f769aee0819cf415c96e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2af7605b9d84ff2fe7e41c65d0d31d6f

SHA1
9adbe5064eb25abf6c560a25c874cf7e35ba9a25

SHA256
ef6355fab3aa6dadea12a700d80d1806b790e0c521953ca63882235cbb65a451

SHA512
d8f4ae46f67e78433ce488d23854eb58b73de686e966f6bbd9722de49c9e46d65701021cd4f351d54c6199a3341ec4b63cbdc860dc427be80e9135d473ec0b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa42f6996573eebf11ba2a6fcc6fb6a6

SHA1
d5542fa1e4e8890866a54acddb02dba9c86e13a2

SHA256
7b6f5c086b80e165515287c124093c329349a1be0d578a79f74229c53128bf61

SHA512
f14154cf76912bac8524f553dec03f6ba30025ccd97a8c1c4ac7220edac3a79222bab342b2eb91837b68b6f70d9d779726cfea15d4f4bfd687a12c60f8096c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc796bee12d46f392883a366b899f6a2

SHA1
b35d9e0b021bad7a112975c273ccc5e3633b6f1a

SHA256
9eeda31f5eaf99957ca2af577ae23249eca89bd5c0c7364fee14fa441b5242d1

SHA512
90d0b6a940fcf62df0aefa3bc07ac433bdb4f0ce644180ae5c1b5603e830f8c501cf8df5a67c4dc0b0b1d87516ff2e8d7c0a0838c2c861a03b4e4b7edc2e4f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed1cc924cefd500bac3cf8b36a5633ad

SHA1
5d776d79475f437997c66f2f4a1aab56b891873e

SHA256
d9e40dd8c440c37a75b28979b07f897ec54228aa809f42dfc0645da735414668

SHA512
07d27ba1d820ea4424cdb380cc90205d1e58b1c4acb6fa55b458d4fc3db26775f40bf70d6908d394482c02df8bd68ca211847ddd106f04104640ca8946e1f911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e55433dbabbf6af06002edd295e1aed

SHA1
dad81e122418e7373d3ad3384d8506b4bfc01f31

SHA256
b37bbd2c2f16605a8abd4bb04e49ad9f4da31c5a6bf8996edae71c111e66e3a2

SHA512
ae29df4d8f2c63e1522d01f7dde664e1e14748c7006f8f79944ed4f767aa163144086c9ddeaa8b8840f50eac58e69aecce4757c9ce001445ca3512d3d8bdadb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a1dd9a04b57536b384b4acd79c91f922

SHA1
53e36a49a800c352ed11064e1d0a8d9e32af6d35

SHA256
473a8164ef0d12b0fd20a35fe294ec6dbef4316ba168bc5bdbd2151efa1c0483

SHA512
f1fc11601c5227ee4a36231aaf780d8cbb5c7884f6130acef333aedb120ddf5103b920d31ffc1429a1ca48816656fb322c84a078c0d0aa03ec7067ae7654a46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8a8df01a6fdb64e960909658cd56d552

SHA1
d8900e270403bef6a4353e9d50e289ee9aee20e8

SHA256
34ae37f593afabf018354c18d63a764b508db28e836f10a49b39cc42aa8f26f8

SHA512
d2fae0c3b1a84cf78940354e1965c38be01ccc3e1ab7572e0e8c0a65269a1545e2ddefd063b68dfeac8e781f21ad4f2bf0611121eac1cb8889a6aede1f704c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
1adbe3f8059e541692ee7c54e50b4eec

SHA1
9584327bba33955a63ff01fb429d93d0ebd4d645

SHA256
34380d0b4b7e6cf36fddf3d35bfa926e6e8e4e11828c54b3367220e550a5a007

SHA512
74f57ab941d8dbe9bc05f5e6647b7164dcc603c6d4a49d3d2594838a240047c875963bae1cfe402cba38cd3a1534887dad1b585a52ed68ff537aa36066305d4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
465ac29ad5e82d2bdc95ce825ca41d52

SHA1
c3cbc86600f9a605a2082ca48cbfcff6e4047536

SHA256
cbe68cf32f1644d53ed0f518fd2421ec27dafcb1a5b5144e82cf8378e5e470aa

SHA512
0aa5b7d2f5b973baa70ac77dfa66b8ad39ca69fae2ad598b02ea42697b3dd6cbb4162c60115d8f1a87034923d520e61e63be481e5f021f2b2e586a42138a5302

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc193673-a1da-4170-b3ae-100a4e59086f.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4868_143656765\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1992-4-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

Filesize
10.8MB

Download
memory/1992-7-0x000001D6A9700000-0x000001D6A9738000-memory.dmp

Filesize
224KB

Download
memory/1992-424-0x00007FFBBC783000-0x00007FFBBC785000-memory.dmp

Filesize
8KB

Download
memory/1992-6-0x000001D6A5680000-0x000001D6A5688000-memory.dmp

Filesize
32KB

Download
memory/1992-5-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

Filesize
10.8MB

Download
memory/1992-8-0x000001D6A56A0000-0x000001D6A56AE000-memory.dmp

Filesize
56KB

Download
memory/1992-0-0x00007FFBBC783000-0x00007FFBBC785000-memory.dmp

Filesize
8KB

Download
memory/1992-3-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

Filesize
10.8MB

Download
memory/1992-426-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

Filesize
10.8MB

Download
memory/1992-2-0x000001D6A56B0000-0x000001D6A576A000-memory.dmp

Filesize
744KB

Download
memory/1992-1-0x000001D689FD0000-0x000001D689FF8000-memory.dmp

Filesize
160KB

Download
memory/1992-9-0x00007FFBBC780000-0x00007FFBBD242000-memory.dmp

Filesize
10.8MB

Download