hxxps://gofile[.]io/d/jMTnua

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 10:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/jMTnua

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe

Executes dropped EXE 2 IoCs

pid	Process
5172	horizon-v1.exe
2612	horizon-v1.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611067422232285"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
5172	horizon-v1.exe
2612	horizon-v1.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5172	horizon-v1.exe
2612	horizon-v1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 1696	4932	chrome.exe	88
PID 4932 wrote to memory of 1696	4932	chrome.exe	88
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 2212	4932	chrome.exe	92
PID 4932 wrote to memory of 4160	4932	chrome.exe	93
PID 4932 wrote to memory of 4160	4932	chrome.exe	93
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94
PID 4932 wrote to memory of 5092	4932	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/jMTnua
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffbbd9ab58,0x7fffbbd9ab68,0x7fffbbd9ab78
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4368 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1632 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1884,i,3729910421308398357,7772859246201397261,131072 /prefetch:8
  2⤵
  PID:392
- C:\Users\Admin\Downloads\horizon-v1.exe
  "C:\Users\Admin\Downloads\horizon-v1.exe"
  2⤵
  - Sets service image path in registry
  - Executes dropped EXE
  - Suspicious behavior: LoadsDriver
  - Suspicious use of SetWindowsHookEx
  PID:5172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c color B
    3⤵
    PID:5652

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3764,i,13544508926340531097,6671217806016090640,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
1⤵
PID:5324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2872

C:\Users\Admin\Downloads\horizon-v1.exe
"C:\Users\Admin\Downloads\horizon-v1.exe"
1⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
- Suspicious use of SetWindowsHookEx
PID:2612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color B
  2⤵
  PID:5852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9241facb-567d-49ae-9879-c48abfd4679d.tmp

Filesize
7KB

MD5
e9fd69d39dd6abf8567857e109db3ce8

SHA1
f3c776cf498fe4eae73634bbcbc389947c808197

SHA256
bb3b6b20f4c89d974827cd1d8c7c216f207febd26c3e09dfa3ac5cf8bf0fc1e9

SHA512
6a8e178dfab9f26504986a2f615a3bf7310673415232d5d4a20800bd61eef4dd53515a92ce6dffc9fd52d28ebda6d1dcbb5ecb4e8e5a1541b29e1dcb41a84155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
014f5680c0ca0da6e60cb769faa9a219

SHA1
95c12f6e1653fa63e1bec0b9fc83ef3dfdab4624

SHA256
c5ab69df9b48e6d314675fcf5a316ee6b45c8c1665fffd3a28cb5cbe768a3247

SHA512
3229de0b90de2cfc762fa3f3ab9f9481f6cb58eb537b5fe19f6a7bf562d01d88ad6ef70a7fcd053fcadd2a1230fc0cb8d16f656ebab302176b9cb828f5bb13f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a038d85c454c5ccaf3e713b615bd0b07

SHA1
39a9feb2be62c6aef893c19201fdea66c7726fe0

SHA256
75a6be1a487acf6a7617b9d448eea53fd0e5cc2e0d54613d1c5b04c90746fa62

SHA512
23432971625ee98c3921fdba024e32799b4e2be5ecc09d7bb88f7acb2aa2252457fb083d670e836bee0ddfaf30192df2cbf3591ea1f14c40e277b513f66aee29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
bb7592c285e2dbd174136008a7b032fb

SHA1
dd5350f5ad18b441c091ed44363e52f0122bbcb0

SHA256
6437cb72a9955fe14b234fdf78b500b4a7e46001572bf872546ef2c9ba75589c

SHA512
0decd9a900e56f0896769197b2857b2bb68146dccd2fd64115b4678e76593893909acdb532d8091083405375856739b888dee4293fa737fc99fd6443567fee2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d66f9108be22cfe99092d3f90cc97647

SHA1
5ba60fc588c98280b02656c29738e7eb229cd47d

SHA256
58ff3a7b81d1ab27ba1e0adbf6231da6ec0230e9934192c97979e3e28f306d0b

SHA512
d51a41579fdc81ab6cb74a9038fe6c6eadfd17d03e9a1b521c9bc6f1b7b5cbff0409bef00059392d00dd8183d7e0c7debeaec843724a9565515e4265caf58964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a4e2162335416822d4aa3b8df12cbeeb

SHA1
1233511e8c28f28f8f2191c34a678a613ccafd9e

SHA256
a60fb0004c56d4b685bafa61e665e261fae08184dc4d8e32dc40947477eed9b5

SHA512
7e5579cc103f334e152e6a3e89af314dc39aabf8b4668b6415a6daa225f426612cda1fac1b304963e181a9c78481b2654d816fd41bb5bf2008d56de8de7aea2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5eeca77a1127a91add98aefa6100eb85

SHA1
0ef77d8972079e824afadc02b5592b4e462eada1

SHA256
f242a39caac1383a0a05101ee5d7a895c2d1809fc1a59295c78814eff7f473c7

SHA512
3ec95333b8bd5e675fca381e198d80d47cfaaa7f1097f8e3cc39bbc24fc552e78fab93c7b06ede25840850f8bd4340150b0918b00a8b822c55890d94ac20b2d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
23c41ba188e7c9b3972a7a5cd79b8a1e

SHA1
8ac59a3eb977f1f953aca8e2761af364204951b1

SHA256
481025a2cccdf1fa0cbe31de49c13a910ddbcbc9246bc24373a1a3fb8a5e41b8

SHA512
cc7e97ff0808fde8777863c3a85086d3658e68b841991d6d274bef2141f574e63446e21e80e3bc218a50ea60357d84c6c1f38f19b023ee15088c99f68f1d35ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
0347962058a6571661ab3037436b005e

SHA1
501c929ceca123a60612e04cba1ca296fb20ee2a

SHA256
7c4455080e02186522bacb052f273c175fa64aa8bd36cdb7bfcc53d188a3f7a9

SHA512
1a68f8d8c32d1fb3bd83fe7f9590ac4d16308adb3e59656c1c7793bb0414dd1a11267348702eee63566a741e2f173c6fc2722b86fc396f5b7ecc43764f0a9b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
a07f3f47de8cb06bae94b72652d452f8

SHA1
9ad53877108a55e621b3cb864e1e4ce43f0fa627

SHA256
cc7de69f440bba556f45716b912219f8f338e7611f4b4012f5b10a22d2bf9fb0

SHA512
b59c7c8e4122ee43c5135adf676ebf44392321ce655171c0dc62b5030bc77f646d9d2f8818d9524b46d1d0b848bb2dbc28f71be9248291ed24e375f6d3087f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe589e4e.TMP

Filesize
88KB

MD5
5bdf2d499962153dc3439fa06326595c

SHA1
b19d1eb1422b70556f9809acbc502c6c9c3b36e0

SHA256
59f22764c0fdafb51a310e1a571849c61375d2d1a4a08872c780c5068177dfb8

SHA512
e87ac5eaa78b59a56acc5ac973b1482b3e943d1b521de2de688de457c8680978b2a30c19d4303b103894aaa7ae9edc5804fb70deca52f2251616f98eb7fd51ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\frAQBc8Wsa1xVPfv

Filesize
13KB

MD5
6d4159694e1754f262e326b52a3b305a

SHA1
d5fd9fe10405c4f90235e583526164cd0902ed86

SHA256
b9a4e40a5d80fedd1037eaed958f9f9efed41eb01ada73d51b5dcd86e27e0cbf

SHA512
480d1dac3f9eddd38c97845cc173e77d17aa5ae69f06654edef07de6dc3c336741b691744da0a1477b48de3f42320f6dbae54669692d6b590ad971a272c4d1ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 487756.crdownload

Filesize
995KB

MD5
7d2c633f40ac76b349778fabaaddc61d

SHA1
7e490607c571c9bddbd36445d52e55eb52e9cb98

SHA256
c66b69d8b18e6ce2f52e5cda45cdce3984bff35c477992960913050df6afb1f6

SHA512
d9d7ef1a1e47e8b1941cc6ab69c3e3fb09c3bce2f834d48f1b243cb451dc21bb3de3a8475b544c7becd3e49772f5ad7af72840ed3ab0c8f00ab77d6255a35e5a

Download Submit