e75a34fa8049671c2d45b0957d8234847f0e7458829a14d22af776c1dfef9f72

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

horizon-v1.exe
Size

1007KB
MD5

c49e93ae7a60cfe00be724f44052922d
SHA1

f37dcdd76db4f6bd839ea1db713edf13c8c26b4b
SHA256

e75a34fa8049671c2d45b0957d8234847f0e7458829a14d22af776c1dfef9f72
SHA512

0d9fbbc186a4a699e618645bfdfbd1e9cd04de39b546ea0ad6dffbfea94c208a908f63653e410b1faf75b61cdde704321b7a9163ed699546b2ec50898bd96412
SSDEEP

24576:AssZ31JJ14gw87Qjc6OWmwiFBhUXZtNoUCi8e0fKtKP:3sZ3XH4gwkQjcDWehEZLoUZ8e0hP

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets service image path in registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

horizon-v1.exehorizon-v1.exehorizon-v1.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe

Executes dropped EXE 2 IoCs

Processes:

horizon-v1.exehorizon-v1.exe

pid process

4928 horizon-v1.exe
4648 horizon-v1.exe

pid	process
4928	horizon-v1.exe
4648	horizon-v1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608220758494438"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1248 chrome.exe
1248 chrome.exe
3576 chrome.exe
3576 chrome.exe
Suspicious behavior: LoadsDriver 3 IoCs

Processes:

horizon-v1.exehorizon-v1.exehorizon-v1.exe

pid process

1504 horizon-v1.exe
4928 horizon-v1.exe
4648 horizon-v1.exe

pid	process
1504	horizon-v1.exe
4928	horizon-v1.exe
4648	horizon-v1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

horizon-v1.exechrome.exe

description	pid	process
Token: SeLoadDriverPrivilege	1504	horizon-v1.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

horizon-v1.exechrome.exe

description	pid	process	target process
PID 1504 wrote to memory of 1528	1504	horizon-v1.exe	cmd.exe
PID 1504 wrote to memory of 1528	1504	horizon-v1.exe	cmd.exe
PID 1248 wrote to memory of 2836	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 2836	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1704	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1060	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 1060	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe
PID 1248 wrote to memory of 3284	1248	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe
"C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe"
1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1504

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
2⤵
PID:1528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa48b6ab58,0x7ffa48b6ab68,0x7ffa48b6ab78
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:2
2⤵
PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:3284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4440 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1588 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1592 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4656 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4244 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:940

C:\Users\Admin\Downloads\horizon-v1.exe
"C:\Users\Admin\Downloads\horizon-v1.exe"
2⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
PID:4928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
3⤵
PID:3904

C:\Users\Admin\Downloads\horizon-v1.exe
"C:\Users\Admin\Downloads\horizon-v1.exe"
2⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
PID:4648

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color B
3⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3380 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4752 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5592 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5600 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:8
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5752 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:1
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5200 --field-trial-handle=1936,i,10115780906958320145,3701110012848050170,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3576

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f4ee3dec478be148413bc784c8734caf

SHA1
f84c912f8d24a3ebda9be5b996872007fdffc2fe

SHA256
e97bf8eeeef054cc80a63de91e44dd8d284794486226e4af89798fd10364d62f

SHA512
396a6c79cc90674252586891910ee0a750093353ec6ee276644fdc37f5cb35de0ed7d6a30ac663b875ca4c824cc8866dd49f41d5252b517093c9b42a9a0bf59e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\12ec3a87-f237-411f-ae29-e7746c18febc.tmp

Filesize
688B

MD5
7c00ecfe1a9f8fa98395b8c5effc027a

SHA1
df91c5c2ade9eb7e02e6d49544a83647bb22f91c

SHA256
bc5b5a93a32cc6bc8c708053f0a340a48ba1b482254bfb1141f9f704548b3c5e

SHA512
98b20f82dd4de050ba0d69cca157703ab12761ad7c65b7eee18fb44487ebfa7be1b17ae09766afa788219c75ea896cb278e4489a445fbd3b8643732f121bf7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bb1c3ccf33ca929a438f58683e33d44a

SHA1
6582d00afce93212f32f79ed7bf37d0e87443d2f

SHA256
e819d50902ca0e095560afe6ef839410e1756dbf3ea1e0631773dc65622f2a1f

SHA512
43e41fdc31fd5179e3405eb73c3bfebb6693deb3975a583315248f38c075b678c8e30595d473cc78a804cba3b7779a7fe438a86ae7927a327355bf4f927de2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
17d7d4fbea21108887f513ef8e858c04

SHA1
03b7012fa30118febc3cebfa46b9c015764ac17e

SHA256
2b845f56d932038d4a8fcc4f6eccef6fd3219d5e5e8e2c31f02ed87a126c9968

SHA512
d213732015f732303da2ac1ee0a75a20e211bd12d2f578172807256a1234c4a6aea9c2021d8e377536b46443baf072884814203eb4768ad543fc6774293d71fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
719e9524c0dbffc0ce7b9717c002dc9c

SHA1
4e6587735a745f5e3b9e1a16ae95dc9ba92d1562

SHA256
3580aec0b95d6e9813bee014fee1bb20e10b246c0e35bd03fcd1d2ced7da228e

SHA512
b26588caeb3ae213b263bbe0a8519d7f552dfe240959e4d91ab057309c06436679666036bdd222d6828c045ba6172ba394148f4c0c1f128be0e9566fc1d25633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
5e79b540b45ed7e80edf7b14d4438a01

SHA1
1a299cde7e69d652b8cf572150a6142cb95b5c04

SHA256
2cf1ff0a78e02aba4bc57c8989da097bd3b19dd3d2621553a412228ead7535f9

SHA512
b6dcc3b6f4e1a003ee0d56ed7fd12abf3dd05b148c4b0e99eb79a014a5d6ee21aebbc6870bbce1dec72e768776543d0d08dfce69949c8fd82b7d5e3721152a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9c5ae67bbfb60837af7140a573a2a348

SHA1
70577e0d5c7baca1e3c14d53e37ea35c2f5a0d55

SHA256
565ebefc02e2951788385032eeb7df106e40646c06de940a5999e67c2aed7abe

SHA512
f021fbc56aa01eb0508f5018bc5650a11ecd631216f28d9200447ea8e84dbb95d1c3ade2838922fca3c89a3686b5717dfaf99e3914c7ec67e315e42d2c8c6cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9eabbc5c68bc0038a247f11f844581a3

SHA1
bd5a691a7c08577f43cac00a873dc763fd50c485

SHA256
f979ae0d7e62b3263bacc140b7b722d8b1d9f3f399b1a13eb02bbfcbe057fc52

SHA512
f39397ba855235432461c1e600bdce84e920eb020caf777c2803a550b033de4b0faa131e39969d08b0c9b6eeb09f3c883554bf2460392d2412ea60558f93bf9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bdf546413384b731b37b18d6411a9f41

SHA1
5d76698fa3ddbcf1167b50e399812aadcfca5d3a

SHA256
b77cd24f734935e283406d3fc7416ba56113fc885993defec931400be75a08b1

SHA512
f7c0a57e657f7555932a211533a3b53ec071f16b70ff92c6d15a111eab768240faa44a451a3709f1228a6535de88a72d648b9ab8cab979c9aa4c5f9987d0bf66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
406777fa4cc02345429657046501c718

SHA1
585bd1e85ad5ba8bc5a0249edda67d00fa9669ee

SHA256
1fbea67ae3fcdd070f761c4afddda818499242b1636c44ffdfe7c3272fd2fc70

SHA512
63409e3bf5f72a0e5c94d3d72eebf9e754ab875ede0535ea5698d8c137c424862ff6715b9193af8d5b6dfa43780c839333984b1e0f142e7106d4b1fd70b7ab5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
bfcfde465e62fe0d342dbe22fdfd835c

SHA1
4862b8c939224376bb23e0c7fad9f4dcf5b4fa4c

SHA256
65a413ec62b12ee00ae2d3e4a12b34a17c8f21dd1522007a3fb724227e334e93

SHA512
d9a668ec592fae4d13b94d9acb8ea08eac40d25a52eda233363721a0f9085ef64f5ed0206f9b60451e63148c936ce87e87205fbe6db3262175d1d772589014bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
6b3fa6e94166c7d6ae41c9f611b37ea3

SHA1
ac91eded9ab11eb3b13dbd5341ababf060f9660f

SHA256
b791473179208d7a1d03119f24695ed6e1f1c5eae7a9a09c53e482227f830f60

SHA512
d8f87e789359bac385e9128b5e33a373b3b074870dda418b336d03c1a5b0d8e849dda215367b0ea43b656bcf388e81e83756fe9be08dcee43c20601d8dcf69ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
c9aef19d3df92d0ce84cab0133cbbda5

SHA1
143f6f4e2bc2cb6aa3a3d35b7c119a17356a5e24

SHA256
2053a1a7724c64584eefa15b64f5ab42cebe55349bbaeba354704920ff52328a

SHA512
629d844e05ffca84a6ebbb213a308842e7cf700284586df02adc0571037f1c1bb1216aef433ab9e7673f03081484ee4f033f7bc39c6e1c964c4c9e42a412707e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
5388b8b4d60e385e7e143fd1b24411e7

SHA1
1f4f146881728c57deb9bef380dc73dd523d2981

SHA256
7069cf9b51254eb9b755f7c96693200cb9868292408eb3c7f6445554306fb5ad

SHA512
c1e44afde7bfd1032acc6a324eabc23e545597603ef7fd89f753c0315863453fe69a4177ffd457b44956c7e97e39eb464b05835854d1ec1add9a61b84f444410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5966af.TMP

Filesize
89KB

MD5
161b6a62f3c17d1b995e6a09e7f422c7

SHA1
7a4bbf0b4eeb910fc999088fa6c7a368741feb55

SHA256
23da05e3f9576109a92413b8f96a4abc535c62cd078cd80b2e498237a4e7271d

SHA512
eb6f295913586f0b0eeaf797680fad5aef095d5c6428eb31b74ec2a800eac6bb0782e0732d7a462506c0bb6be0bf8cd3c3e789c300b73ee4206d71cbb586794e

Download Submit
C:\Users\Admin\AppData\Local\Temp\frAQBc8Wsa1xVPfv

Filesize
13KB

MD5
6d4159694e1754f262e326b52a3b305a

SHA1
d5fd9fe10405c4f90235e583526164cd0902ed86

SHA256
b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf

SHA512
480d1dac3f9eddd38c97845cc173e77d17aa5ae69f06654edef07de6dc3c336741b691744da0a1477b48de3f42320f6dbae54669692d6b590ad971a272c4d1ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 484027.crdownload

Filesize
1007KB

MD5
c49e93ae7a60cfe00be724f44052922d

SHA1
f37dcdd76db4f6bd839ea1db713edf13c8c26b4b

SHA256
e75a34fa8049671c2d45b0957d8234847f0e7458829a14d22af776c1dfef9f72

SHA512
0d9fbbc186a4a699e618645bfdfbd1e9cd04de39b546ea0ad6dffbfea94c208a908f63653e410b1faf75b61cdde704321b7a9163ed699546b2ec50898bd96412

Download Submit
\??\pipe\crashpad_1248_TAGJOCWIBZYBCKQZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit