2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
64s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
33	1332	HorionInjector.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860886090862314"	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1840	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe
1332	HorionInjector.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1332	HorionInjector.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeDebugPrivilege	5672	taskmgr.exe
Token: SeSystemProfilePrivilege	5672	taskmgr.exe
Token: SeCreateGlobalPrivilege	5672	taskmgr.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1332	HorionInjector.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe
5672	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1840	explorer.exe
1840	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 3908	1332	HorionInjector.exe	95
PID 1332 wrote to memory of 3908	1332	HorionInjector.exe	95
PID 3416 wrote to memory of 3480	3416	chrome.exe	101
PID 3416 wrote to memory of 3480	3416	chrome.exe	101
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 4036	3416	chrome.exe	102
PID 3416 wrote to memory of 5028	3416	chrome.exe	103
PID 3416 wrote to memory of 5028	3416	chrome.exe	103
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104
PID 3416 wrote to memory of 4360	3416	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Downloads MZ/PE file
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\explorer.exe
  explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
  2⤵
  PID:3908

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa35fccc40,0x7ffa35fccc4c,0x7ffa35fccc58
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1372,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3644,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3728,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4996,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3128 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5104,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5356,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5052,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3528,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3520,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5608,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5628,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5636,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6140,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6088,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6108,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6488,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6388,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6660,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6668,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7244,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7288,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7300,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7304,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6908,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7284,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6648,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7248,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7264,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8048 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7332,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6084,i,15721998886672053500,16752279535862555407,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:6716

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3908

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2adcef0e8c18a174a8ca4caa32c2cad4

SHA1
10e5cc02aeee05abff8ae438504d3b486163542f

SHA256
0ff8b1a4770dcf462d989648dd8a0c5a9d6496cd97812da47410bb84b09ec5bf

SHA512
32624f363f9795897e0c14c0fb7389f7ab9cec1bb8a13734f467cc715ef9a0a46dcb40575ecbdd2632a73a5a10c9527fc00cdbafc13ef9473a9c0a4a76702105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
16da4df6f6a35a2279c9994270715d84

SHA1
285a0559a887b47743a1e51d1e3e21241d5bd812

SHA256
8290bb874b3c68a406ef66256ea50b77d5ead0b6da63d6d8cad2c5bde9c2bc54

SHA512
9b9cfcb8f54e138723316ffad087cd8483e8c45d958f356c54cc7ddea6849b274f590efb1889098499fccf47f554625e860a66c969451449f47cd1c9f2b41bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f8d4d071148c9d6ce894a026985ce473

SHA1
5fe9510594f9351e6efe98b4996d31213c817559

SHA256
d1638f9e0317245db820e60efecb4dba43334acc677172bcc2c0a3c4f308e491

SHA512
2c79ffe233d08fc8a0fb0793f5f1bfa93f1362cd8028f4fc81174dd2ac57ea05576221adc6b03aedd86c4ea557907576ba55a8a34a1106020e42f2a69fd6db67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.speedtest.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\34345623-3bbc-4370-a5f0-1262fc4829a0.tmp

Filesize
21KB

MD5
de847e58fa567a3db9f75407cadb9e0a

SHA1
8d918f88ba18e983a751ab98d62989ba5d5731d6

SHA256
895495878a984c7d1901dbc403dcb402552477393f838ad0ed72f433fec8eeaa

SHA512
19226a84ce5ac30f0c79478c081fda6f2bc777a8cfabba4f0fa4b06cfe5354b20ef485123314ce9376ff4749980a16962f6dcb3057fd3a3d52238f3a6e8af693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
887bd7f48ba1c62feb23f1ff5c971894

SHA1
692a8f7e56c4b2d635bc7d694775df39307360df

SHA256
afc7fc16b7a61467e9a9618092e68d79a9039e4bb35cbb2fa1b7a30e14926b37

SHA512
9cea9edd4dfb311e9a00dde0c19fdfe0470a5d73bc2a46e01c32bc04047a3f0b448e1b079219a1aa8cbcb26c9c1b736e51fc0b8b50416e0a39b9bc5cabf133da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
28e1fc7c1200545a9d41bf459cb235fa

SHA1
7aa6be657f970bacff78f52190999bd6672bb605

SHA256
786723a050e71393b0a7f34394a0c6d548e03c4c28e4a91f33d8b5a6c60b3c26

SHA512
73f3735755e16b28830d1c85f76999f9fea8a3210840e619ce2a182710d3954310ed291d458666e3e930a68e076e82d7ccd8ef7968a273d1528e3ba4e8cd7c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cfd14d7f49c1b09818b3220559a013da

SHA1
2ba73cfdeab2b7acd9b84e77a59c1cf925e217cc

SHA256
e05cfb1907b73bf4aaabec8395e96c3dd850b1777073510f4140884737504c81

SHA512
155e081bbc197f9279e23d99fa5f868f28a2296ddc5ee4ebf64e78cc61af1023a58ef8437c041b3231375dbd87229331599dd2e3022e10235dbf5cdf62516e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c7e49d963fc3e10ff4612ea5ab9181bc

SHA1
12b69363d22da9dd4c419d753e3dae2f76c5b2ba

SHA256
0c102af52a851bf5b696d590864729b6f0df1c6bd5ceaca1319f2a7f2394d767

SHA512
ce340c2874c714dea867078b8c88ddb0b246fefc431441e38025ed55c18e1c12df4b2405d8e658fed9e125317a70135154600544687af57f8ac06836fe8e3e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f56b1ce550d646726715deb72c9dd40c

SHA1
622e080bf29f74ead649d34cb03d31a234454be1

SHA256
2aa4e70f972643ebfb141c137723566843ffa1f210854946796ff72ce468d006

SHA512
97a3f96c84fd12eca3429e8fd881ae608f221c058a58eb1d27d87e49acddc0739d23aac5ec3d225969364b56f63e4231b831a0ef37d64c92240ea75a09b901be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7940761c07fd82c0ce4441db9addfc2c

SHA1
ea235d47d50bf9c6d86b1920a129894b9426dc1a

SHA256
ea829f5f8d74c81783f822949b77aca144b02973490aa8cefd06436afb3a8399

SHA512
5546d50d7cc8ef7f73f1eb79c63d2cb80255c83f7d5d207754bb0f9d3149d0dd58ccd33b57284907f7ead90100aebff259d69e561f46dc4d8fad4825b9328702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0378cb9d0ea6221808a6f01ffd7d8594

SHA1
3832333f3282fb56643ae99bea5d95fe9259590d

SHA256
efa197ae68ba786757b452de3a8966ee28c3843b79613430869892cb58240586

SHA512
4d9160ac9905ff000a5e5b1578a426120423f552b369c90dbbdec2c29941a3b673154265a5086d6f1f843e000291fbab9bd0d6d0ec7315ef175b70034d826c2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2df77adfcd75ebfc70afa25e100dcf8c

SHA1
35b639a60b6e5730a9df460badedd9f8bb5cca9f

SHA256
244df433463adab203304dc72d9f588757ade14bf4eac2015b2fb0be295cc0a2

SHA512
3974e79aa725c02ab016074bfc6e1da66498d9a28bf394c0fdd00e61bb50c28e391ad291893f2542314cfa6cfe872f9b31b79757d24a09ba80ddda287331e42d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4a5fdab44a017e8146820594a2059708

SHA1
f1b59a2339170d365282f7b8dc912565e72e785e

SHA256
d649689d706425935045ed7f0e0d79fbe9acdb9cab6dac3275dffa64d2250a26

SHA512
95be8f1faf856675d6624e580bff3149b90fdbf9c743acfa13ba2978da2a159f2b0f26ff0110d0bb9e2ce4b77147b44815faedbb50eb3a63f07356a9041dd860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9aab7bec-c422-4b06-b061-71bb50a5fd5a\1

Filesize
6.8MB

MD5
f81c6347a37e373e9b6d9cd34ac0a0a5

SHA1
4a037ebef5c36ecaa6ae45198bf4dfcb8d0bab23

SHA256
e12545d7e637e934c0b89ffff62e567cdc3c0512d90bb25b9a90ac0e04235348

SHA512
46a5d2e07b5ba3026ea66c5953325871d739e2a879912a50208124abb8f04468c404b54336ee9884ec2834531a0cd8ade01064b8df4f9c0521fe0a030f21f46e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
3112cc3de62bd738bc3cc4996f285559

SHA1
284b6ae2a871e3d49614d2cfaed336c063ac551c

SHA256
687c48b6333f2e081e5707b98849e9b8a65967c14d61572d70a1318547cf6a69

SHA512
f8f65b17bca75e24e7fdd358c78cb60eca96306fb8b4c9fe3afea52f3a7f0c0a2c24f99b6858d325c08b6f6c93bc787ddbe89355ab8d256c9a215983e6d8555b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
98a6ddfcbbc695741903dc1f0ec0f5bb

SHA1
0be25bc54075cddcfc5b88212b9b38a71b22264b

SHA256
5b01ed6536d676fe0c4365c166fae23d97afa100e15504647a1e1a185bd81caa

SHA512
c20937675007da24e5b4c0e7d02776e6a61dc4eeb04acd779b3c333f66787c81dfbdb5f4a8f52d427183411f72f3697dd4ac72206f5fc3cf3abda2ff0ab73116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
99a0deb3c1b811490bce52164349ea4d

SHA1
d5bd49ae7fb0cda4cb233ef766f3438982a0bea2

SHA256
3fa03fd8e7abddbbf8f704ab6d3863405a1093e9f1ed17694caed9b61ac4797c

SHA512
a35c2148489fcf805ebb3af11696b15f9fe0392cddf843b2f643bcb9976979c363f9a372e3fecb31e2dfc062ed5c5e73ba0ade9b1ae5baa099dc45a6ce379e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5cd41fd09997b3c45a4614c662226972

SHA1
c4c363a746a56d1f5f3965d402d9cad9ea04ea3d

SHA256
8825d6264c73b5485e4a2efe29f1c14222c52658f0e528e9ca40714d8c5db049

SHA512
b10cde8cf0947ec15d8402dfe1d2b95f4d75a378580ea08c1966fa2f60ba4c6170d53a1cb16c51060d098cb3ac1e3d6d8d51c8e8b3bc5087c4affb53835fb7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3416_1445323423\1f0db0f1-3b7f-43e9-9874-49622bcd6dec.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3416_1445323423\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1332-11-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-5-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-960-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-1-0x000001EF1E070000-0x000001EF1E098000-memory.dmp

Filesize
160KB

Download
memory/1332-2-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-3-0x000001EF39F10000-0x000001EF39FCA000-memory.dmp

Filesize
744KB

Download
memory/1332-4-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-6-0x000001EF3A4E0000-0x000001EF3A4E8000-memory.dmp

Filesize
32KB

Download
memory/1332-8-0x000001EF3A530000-0x000001EF3A53E000-memory.dmp

Filesize
56KB

Download
memory/1332-7-0x000001EF3A560000-0x000001EF3A598000-memory.dmp

Filesize
224KB

Download
memory/1332-9-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-49-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-16-0x00007FFA40EC0000-0x00007FFA41981000-memory.dmp

Filesize
10.8MB

Download
memory/1332-0-0x00007FFA40EC3000-0x00007FFA40EC5000-memory.dmp

Filesize
8KB

Download
memory/1332-10-0x00007FFA40EC3000-0x00007FFA40EC5000-memory.dmp

Filesize
8KB

Download
memory/5672-542-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-539-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-550-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-551-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-541-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-552-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-554-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-556-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-555-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download
memory/5672-553-0x00000163B5920000-0x00000163B5921000-memory.dmp

Filesize
4KB

Download