Analysis
-
max time kernel
147s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19-08-2024 17:13
General
-
Target
HorionInjector.exe
-
Size
147KB
-
MD5
6b5b6e625de774e5c285712b7c4a0da7
-
SHA1
317099aef530afbe3a0c5d6a2743d51e04805267
-
SHA256
2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
-
SHA512
104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
-
SSDEEP
3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 59 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exeexplorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App2⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 7842⤵
- Modifies data under HKEY_USERS
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc1589cc40,0x7ffc1589cc4c,0x7ffc1589cc582⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1952 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:32⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3808,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3704 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4452,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,3053308871214196652,1259528237004466817,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3400 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc157546f8,0x7ffc15754708,0x7ffc157547182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6096 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7048 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17834300721949336613,18324122177585948738,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsStateFilesize
649B
MD5c8970f05abc66ed6bb9503c19dd3804d
SHA172f7a570cb929d02ec87709067f71ff67e6f22be
SHA25644ededc6cdca6c57e53803ac1080f036a481ea7532d06f71729c6ab1f84350c3
SHA512841efafc567a4fb76f653aacd4e37a4390c2830ef0b0135db95b6ed2cc8d31135840ca92132af1fb8283cd4d5f6db2f3499cf348e44c009f25d8667abd1910d3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001Filesize
209KB
MD53e552d017d45f8fd93b94cfc86f842f2
SHA1dbeebe83854328e2575ff67259e3fb6704b17a47
SHA25627d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
216B
MD51794e346989e102f0ba45c9907accb27
SHA1fe19d2664a75ccf00fff324f212fc621c9464801
SHA2561f0a48e14c88a9e61380da99a1b125ef90724d3ca32183ea822b4a82e63596db
SHA5121f8ac1680f4aee29b9174345bf80b97e0149b0e65f7593da9478d045e01b978f0951e6788154a1ecd7c1a08244da326fe9d52dc23a0128f811a8f2075cf93a9e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD53a2a2c31ce5c6830871b2fce254dab6e
SHA17bf8dda5d5675a03cc30ff9e05518d366f5a70bb
SHA256665008aab3493ca8a4365fb7b5d675539622647eb459c9348b679c02b20e7c29
SHA512d34be54dfae7942f2b82b614d0db80474775cb97829faf34e4e47b0e185f18ad7cda187d83cb557a0be67738ab31451fb00008f3c1c76631fa66d06b7178ce6a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
356B
MD50d8411ca3c794039dc4a20056dd09aba
SHA189bce35edc0d874efd93a6e37440b77eb8e637fa
SHA256a45ee28e609bbd0ea2aaafb6b3bc97f269007167ee5c55d181a4af1823695b4b
SHA5120bacb582c668ac5af1255d961913aec9922918225420eca8e476f252e23a6b9a83793678f109484e71f84a5c2ac5e476eb6dd0b4587df14439e78f01f536d944
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
9KB
MD5c2875b8f1a54f620a044c2c7ae26825a
SHA18f16a3f3bf6209287343ae130ce97bfb79f5c3d9
SHA256ffe05d627f39dd5f62520a3aece39901c826efdaf2b5d5de7825957d7ec4e50b
SHA5123e20dfabdf98d3540475c607a264a335ca50657ff87ad18870d2b776b8a65efc82589b568b88cd2bcb7a345d9ceaddab351c421a49dea8e53b44514aa646223c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
9KB
MD5265dcf6f5301e322534d4e616a6c9a76
SHA1345b0c451a2b27ef328df16341587ce77cf332ac
SHA25688b24ae54bb53ff4b7dddf858f136ccb520b77db9a8722bd4dfe93f76447cb99
SHA51257f3032d9d227125361435a786d286ea525ca0dfaff29653090fa61dd3fa44c7634d8ef98e262df971bbf302e832e6c520e3c3369f387018faeb9ec53e94a20a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
9KB
MD55273e42ac9e741fd5d50e5a83823117c
SHA1db0ab66dbb49b713d4cd3d4e9178df18b1bf37cb
SHA256c3da2ef1802f633d95b79552ba02895b5a0ef9c92f980b16a8300a5373f45d09
SHA512e5b6c3b1f1753aa1a4482e03e9e83bbd1334b040339e618f39cd11f98333fa5093d28a8e1c3276a36f1c61bd71892532c7ae63e3288626c4ad29d35f093cff2e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5dcc9804d2d70f449a1471478c6d3ea62
SHA1e79e9c22ff1113373db6d4b8379f22272aceaf3e
SHA256782def28d304ef624fb5aa362ce6672bac44aebc13c1ab7a4aabc34c41268779
SHA5126da674f0b1838d9c435f439d4146378d6504c784eea2c9204afbbfac5f99ecf0086fed471ba8cb5401439fbee9701bc792862f13e1c7bb3b4cd18ba758bebde2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD50bb9b278546acaac420d1d8ff18193fb
SHA12907bcbf352fc8c5b011c263a1b726a279be7ef7
SHA256816918b7aecb57821dbcc220fe4a0e6c52c4d28aa19fdbd28e81f982154ee3f3
SHA512ea0ff9a2355a7d765d787f56cffa6678668185da7fd36b48dfb933e199e392a42d0eb87dd67ead2ad899f874d74cea56a941e11b3fd09fa4772feaff9b34f2f2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
199KB
MD5c78dc4d972fb011776ae10f7ddfafe57
SHA1a5c97338702b444bc488c7539f1358a57af2067a
SHA25697de804d7c58c009b55619a015632339c3227e7279f6354b6df8312da6677291
SHA512c6dc144864dc0ca37aaf09101698844d33674f677d77cf2cd587f498ae65fe17b13b5174b60894c2dfd70de57c754782104e384054c111feedb491e02b1e83aa
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1Filesize
264KB
MD576d59ddfcd7fe357de18e0bee4e89290
SHA18510a892e4f5706943441051213253a163b32348
SHA2563428596f9ae0e4d998728e9b30c6f8174ccb29be38287a942d6d2de4b908a9fc
SHA512219b135a78770653fa6e4a43ae52f9c938b62697386e2781347051885601e3501fc48523edf573129dc520f02cb470b2de0f29687dee9d7eb38521557dda637d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5e765f3d75e6b0e4a7119c8b14d47d8da
SHA1cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001fFilesize
147KB
MD56b5b6e625de774e5c285712b7c4a0da7
SHA1317099aef530afbe3a0c5d6a2743d51e04805267
SHA2562d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59071c89ac0f1daff3a9684c8df595547
SHA194cbf7dae6ea10d33d633cb507420373de353e0a
SHA256caa3b09b8eb11546f40896bca98daba9a550fdc1824bddead9007e9c5022d8f1
SHA5129255b173b3e1281d2fe698dc1992720f8cf87b36365a511d29a6d9a424bb671c7d185b68b54abb2beee761c175fc07907a01d3941ab7a8991e2badd4b2a59ed4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD547720e44448779e90bee0f7cccb3edb2
SHA13951c83be1ea59b7e95d17fdaea91df000e03df1
SHA256a1de86636b41f0934af8113411657336e6be739af28523417c5af988a50ac959
SHA512f4dbd2c0eaddd428f720c745493f4d7668044b20616586c43ce3e72f14c44b0a889fd8ca5a6ddf810fb928a4eded760408291dcc566c15b3e7f8eb7b85c79e01
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5a876ea3e022e3f2d1494e301bcbcfdb6
SHA1b108bf3cdb44c507a5eb5d6286b06de1e04d68c7
SHA256c8b4fed20248d215971ac6f8776101fc221a5d235f5872cd092330a071878ead
SHA51264916f9be149e2b5517efc1647ce622541f712c9f8e3cea42fed2dfb75240fdb2cfca4f9b7431d5fa80b1c2493bebf0fb21945c15c0b9b71f5d314da767c67f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59490147f65f8e3692ade582f856ffffb
SHA12e341f5a2953024fcb4860dc9e329205f1f2b804
SHA256b92c3a7a60048e3820b487d3a4f75fcf0aeb28e58d00089ab015de76073b35bb
SHA512f82ce0dfa752978b06c20b575ffb8e567ba21aa4b7cfbf84070bbf93723d8b5a5e757d95b33a0709d269f2f110ca6f5f0d8bfff7ce4b14bdfb138218ca22db57
-
\??\pipe\crashpad_1796_JZNWUMBVTBMDXJWSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1316-56-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-84-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-62-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-65-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-67-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-66-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-69-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-70-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-68-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-64-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-63-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-71-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-72-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-73-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-74-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-76-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-75-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-77-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-78-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-80-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-81-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-82-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-79-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-61-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-83-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-58-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-59-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-60-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-57-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1316-55-0x0000020C1D1F0000-0x0000020C1D200000-memory.dmpFilesize
64KB
-
memory/1512-5-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-4-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-7-0x00000233A8F00000-0x00000233A8F38000-memory.dmpFilesize
224KB
-
memory/1512-1-0x0000023388440000-0x0000023388468000-memory.dmpFilesize
160KB
-
memory/1512-8-0x00000233A4710000-0x00000233A471E000-memory.dmpFilesize
56KB
-
memory/1512-16-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-11-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-9-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-2-0x00000233A4310000-0x00000233A43CA000-memory.dmpFilesize
744KB
-
memory/1512-3-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmpFilesize
10.8MB
-
memory/1512-10-0x00007FFC19133000-0x00007FFC19135000-memory.dmpFilesize
8KB
-
memory/1512-6-0x00000233A4620000-0x00000233A4628000-memory.dmpFilesize
32KB
-
memory/1512-0-0x00007FFC19133000-0x00007FFC19135000-memory.dmpFilesize
8KB
-
memory/4992-53-0x0000017D5BD30000-0x0000017D5BD38000-memory.dmpFilesize
32KB
-
memory/4992-17-0x0000017D56DD0000-0x0000017D56DE0000-memory.dmpFilesize
64KB
-
memory/4992-49-0x0000017D5B3C0000-0x0000017D5B3C8000-memory.dmpFilesize
32KB
-
memory/4992-33-0x0000017D56ED0000-0x0000017D56EE0000-memory.dmpFilesize
64KB