2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
150s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29/01/2025, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133826483523186034"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe
2192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1692	HorionInjector.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe
Token: SeCreatePagefilePrivilege	1872	chrome.exe
Token: SeShutdownPrivilege	1872	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe
1872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 5028	1872	chrome.exe	81
PID 1872 wrote to memory of 5028	1872	chrome.exe	81
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 1676	1872	chrome.exe	82
PID 1872 wrote to memory of 2432	1872	chrome.exe	83
PID 1872 wrote to memory of 2432	1872	chrome.exe	83
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84
PID 1872 wrote to memory of 4716	1872	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f1bfcc40,0x7ff9f1bfcc4c,0x7ff9f1bfcc58
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4960,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3444,i,12294095092356176504,14046604359381175321,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9c44c5e4743282dd87553894d05b2dda

SHA1
7e74a102a151f31dd95dcc79098a1d5968e1ec0e

SHA256
e33f251f94708f306176c912f517b3f0efa24263f141aee0088197fd8017742d

SHA512
91cc3b4a1573df6e58fd0abafdde7a2c3bd6cb82db6ab24cb76874e69a20f36b1e9409cc172f1ee2bb594d996291cadd23c33d2f30f97041a8c247f6984dbc09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fb31239ad478130212f6af0669c4cb48

SHA1
f5e81b12e6e9f5b2c480fb51c0c9adb79255bbe0

SHA256
82145b21f9aa58a61f996474d6f5d781304ba55898d53721b287939a4360e59d

SHA512
a7dc5425f87c051ebcdd7c6229de6d08807bfda80a19748f3828f2fdfab6ee2c5a7b00d887a07dde5a4d8c01bdb9830dff81eaeec2baf9c072f21184538e8f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e9db20a919efa9fe2f7d12fcf74e15bf

SHA1
ca2baee8358a3a24410db3396cd3f136d707362a

SHA256
abb21ced01f17569c0e3248ce72baa4209b3f4d283abb566794a7c6ae7a0aeab

SHA512
b60bf26948bd7bd0b2ba6b00f1962a3ce9ef64b13ece8a5f243dc778a29e56c2f16075d4289ab560ba5bcbed089a4314215241878145e9299e320c425ab2621a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f52c7afba6cf9a8632500e7ae96d0e35

SHA1
548394561628e7fe9f00e3d1964f2716184d757b

SHA256
53cb2e064dfec3098a24fbcb0b640b93a68e501bf372b03b4b1b5a6a456709a8

SHA512
e97447ce7d5c0dcb1a25d02b413b56461784b7b51b9829673d2ed0d59760fbaa070f729913140a4cf99fb8b40298a1bdbb64b8f2e5e20145bdea8e4c78d43d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ed65cbc0561941759daed7b0c604495a

SHA1
a1463189df4538a85388a79ddc2abb9d2b4e723f

SHA256
9b903db7b956436fed3beedd210860e129671811b39627cd4030d77cabb79511

SHA512
bab0779800683377589d11ad15bd96d3c567c12bd460a208293c8cd700225246cf615c46a8e33b1b151ac2af7d8b54c92d3f08ab84375117a8d2fe180d3b58eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7829d01ea4f0f989d08c7c4356740d67

SHA1
2680eaab31ddafef987ba224025738444d71b35a

SHA256
ab7dbd72b40d22f3540c3b61a1e4f9aff119bed2de48bc58c025bce84c59e52b

SHA512
759f42f00914c17ddecb1f71391ebcd97903d490aa404497ed55e926010262a560a24c785384ee110cfaca0e3e794d873e99466ffe61f5484a60e6525cf4ed9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f65d34094a1fdf5986ddb0dda64f2588

SHA1
1c241d2841ef6d3f4706b436494536574517d55e

SHA256
79b160fbff6132ddf601b5b55ef1781f3eaac9fdc2da8d8be402984ddccaea66

SHA512
8c8fee7b9150dcdf9a54db45dd9e0545f7ccd1498773eb24049e048de2f5c3a8115e67043ea5f03f90a7052835b750e77c19cf8456c6f45a501e0ef6111c93d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39b22a0c5a6274461144dbf62fe22048

SHA1
d4b740af25220f3a7c98142c2bf382b5cecb5410

SHA256
79b807b094bc7bf05da0447a34361873956728d109a5a1b292a3079aa21d5247

SHA512
c76e107d4eaa0cc7fe6d405c62cf923de950049084874ca0b721e7c71b6050fcf3490f0cbce072c89f185ba0cbf759bbfcebc6ad7b808eadd0c8e259c9c65097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f538c26c4e9e80e9ebbb8b901c4bcac2

SHA1
2a4217ecdc93f0fae2674b543e99ecabcdbb38a1

SHA256
1a759d52c71239817e45c8acff9aeaa58aae494a6bf37cf0c8ec5575a7277d3e

SHA512
9e0cbc0df8819160f0afb1ac7575fe1b15e8b9f502de7d797a4e13d93cce61d7d3f63ac66af2c6db6870201e5be1d112912da378db9edb563e06277914f643a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be8925956d2581b571c37fb636d61fe3

SHA1
d7194c04557c6b2c59cf494af97931969cafffa6

SHA256
feb6088627114a7c542febf40ba6e232235eaffb89b0e0392553e0239d65915b

SHA512
851690a3d73f97dc0972cdc93cb59e3e54ab8bbc10a550c14b6bda74cfd49a3a690030f8fc83b3e23c50e6d137600d4beac09c67d0294d9cf99d4bd31a2f58f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9bd9aa40942ec4a6d40d4b62057d9d59

SHA1
0ccbdaee96baf17a7459d8c0faeb2818148243d2

SHA256
7adcffe7cb5fe94216346c5b94d8e88e415cd4681ff2f318d3bf2b5de87ddd13

SHA512
fca10f50a5ec4d47e3d79d10441d36a0cefd260b7240f560f8203dada8514e5d6eb5c209543ef3296eebc9761be026d716e94f0dece764e3cb199b6f1a376e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a0055f8e6b3c72a93e919fe42af120d

SHA1
e520d9fc3e09387ee40a6c07a75771288eefb27a

SHA256
595ee47b861cd68d83b1865c7d33d332f66c14075675b15e83ea249838fc3a69

SHA512
3d58ee25bcb35132b1befe8b106954843781ed0e1ebd6390908415a780a8a47b97e79f6991137e9c6cc1ab5f7f876709da1af0e76fa6413af5504f0dee4488bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00ba88d4ae46592572274cd5c463a775

SHA1
3551989bf8e529c47c319f75f88aba8bc86013ef

SHA256
ca654f6535ed76c4da00447eee5c8a29319a952c96fb2b77e50b5c4a06c7d1a4

SHA512
d0050a1c4fdd585b3e17ff98f9e4466f4d4bb49fa7535b333ab78bd876a7070d1ebfb12033da16563358fa1008f34de5d0e63b9f25867940c52566a96f2d0962

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf9cde9e58cb0f1377c5ed94d181376f

SHA1
cd9f97df87f047248c23fde622a2a16f53bc93ad

SHA256
a6b31268125b9b779820147ac8557b89569738c36a02fb83e73e134d47578234

SHA512
1a7e5495dcd50796ae5de5e3fbcffdf6639e4a59da7281281dcd89bcbc5650864279655b5f13599750fbf246dcfc19a8193d4e9203a75493af3f01d110f51c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7088549b4e45bdf77df27aef5f62293c

SHA1
a4792f558b588b50c6136598449128221cd25e93

SHA256
3d03e5fcffcba9daa5c7344a0e43f6239653b1ab7d8f5fa34b1a6eaf4ec7e1f2

SHA512
8a67d2e88e318309e041dd015e7f177916a2e6713e65b46a4eda6f67ecd56f8d6cea5f38483023abd261c73a7c037f1c59426f7af416b34084c6b2cb9a30f9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7336bfa3dc98b00a2ef4cad1641537c8

SHA1
25588ad51482cdf9097fcce0bb2112eb117dc941

SHA256
7df3d6c759035ff5a67791ac37fb6ca8a133a3790a8a4b37c3c9c8e7a0dd856d

SHA512
e14eb2cdf2e03b486350410bfcd697e5916ff5eb115e8facc2517ed60a9553125acbbf1b5da0ed9175ca4bc31d47ff800988f3a96e596cdc0ed270dfad4bacb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
c3bfc9571196645492cc7289086d5442

SHA1
12b1a9a2ae3487a3cdcfd185d6841e04bbe9e870

SHA256
b448df25ec16f4b80a4c55ed8a8633432937ccc42f0fe29e18ad70380a9896ae

SHA512
65148e2f81c227b9c762811b8204b3430cf0324b63cb8e8f46debd697c6cc08244ec8d48b380e7bc5605c1cd58d51d106d4d6f64616012a479748db9bd98a94e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
dc008641888c81d77726d5fc10a54a5e

SHA1
ed3284a08b5ddc90ceb9e50c67d4bf7fa9a8cd4a

SHA256
9c4d6b08468447196e5bcb6d8016d9b05d93aa420d48192b30a34deb82cc3e8d

SHA512
6712a1538e3da25e12dfc94d5a74612640809029f4a4b4644b0753b58b2436cbaa25f0e0dc5cac91801cdd1ee41a09ba5c80e8d7274f7580f6034895c60b6349

Download Submit
memory/1692-10-0x00000150EF680000-0x00000150EF68E000-memory.dmp

Filesize
56KB

Download
memory/1692-9-0x00000150F38B0000-0x00000150F38E8000-memory.dmp

Filesize
224KB

Download
memory/1692-6-0x00000150EF630000-0x00000150EF638000-memory.dmp

Filesize
32KB

Download
memory/1692-0-0x00007FF9F8513000-0x00007FF9F8515000-memory.dmp

Filesize
8KB

Download
memory/1692-11-0x00007FF9F8510000-0x00007FF9F8FD2000-memory.dmp

Filesize
10.8MB

Download
memory/1692-37-0x00007FF9F8513000-0x00007FF9F8515000-memory.dmp

Filesize
8KB

Download
memory/1692-5-0x00007FF9F8510000-0x00007FF9F8FD2000-memory.dmp

Filesize
10.8MB

Download
memory/1692-4-0x00007FF9F8510000-0x00007FF9F8FD2000-memory.dmp

Filesize
10.8MB

Download
memory/1692-3-0x00007FF9F8510000-0x00007FF9F8FD2000-memory.dmp

Filesize
10.8MB

Download
memory/1692-38-0x00007FF9F8510000-0x00007FF9F8FD2000-memory.dmp

Filesize
10.8MB

Download
memory/1692-2-0x00000150EF890000-0x00000150EF94A000-memory.dmp

Filesize
744KB

Download
memory/1692-1-0x00000150ECFE0000-0x00000150ED008000-memory.dmp

Filesize
160KB

Download