hxxps://www[.]mediafire[.]com/folder/6zfac1fwxn89v/Aquantia_Executor

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03-06-2024 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/6zfac1fwxn89v/Aquantia_Executor

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3356	winrar-x64-701.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618631006447669"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
3704	chrome.exe
3704	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe
Token: SeShutdownPrivilege	4372	chrome.exe
Token: SeCreatePagefilePrivilege	4372	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3356	winrar-x64-701.exe
3356	winrar-x64-701.exe
3356	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3148	4372	chrome.exe	72
PID 4372 wrote to memory of 3148	4372	chrome.exe	72
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4748	4372	chrome.exe	74
PID 4372 wrote to memory of 4088	4372	chrome.exe	75
PID 4372 wrote to memory of 4088	4372	chrome.exe	75
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76
PID 4372 wrote to memory of 3688	4372	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/6zfac1fwxn89v/Aquantia_Executor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc22aa9758,0x7ffc22aa9768,0x7ffc22aa9778
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:2
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4844 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4900 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5304 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5196 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3032 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4824 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3536 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=764 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 --field-trial-handle=1612,i,16421333194429465511,18030164563724779607,131072 /prefetch:8
  2⤵
  PID:3328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
3a2b07029497c0d9f8c7ec433d03afc2

SHA1
769b7e980cc8e3886c0e30f5a2832005ce4cae38

SHA256
fa174e04c72411f44995f8fa5c62bef353051843ad276a1a350650698150f1e8

SHA512
a5c93f0986a7af52937a7a2a271d68b2c4667484295811d0b4d54d1cda2498e4decb4e2a21f1cbccb8723c8feee7e030ee3682202bea465555404041c37ab383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
c354352bb3f60b1135ad7ae854f6b92e

SHA1
e32259a03cf0aa5da8ab9013a8803cf3ec47287a

SHA256
d66f074a7185a7940631571b375d23168410c4ed033993819dd670d1213e86cf

SHA512
080e064efa8d8a2e1c6a9a1e89935463f4380029296c425b62888f534d515ed63c1f050119f61b0ae8b7a178180d3618ab87c20a1f2222167304e2b86ea2990a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f4ddb37b6d5ce9c1a5529f21f0d54f17

SHA1
0b0f388f693c28fdb9535abe96e377d54f127030

SHA256
3b33cf844ae25dc8f5c265f5d8e14b09c7be245fa9064067c3ff9f5ad521513e

SHA512
564939b78f210d199fba6f7000a08aa0f7f468198ab2d6ce6c0603dd356ec23b186e5ce8d59a46faa7020dc806443796c9f6997dbc83d2f54d32d1d4fbe1f972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0649d2bdfe0ad78d925972e3051c0fdc

SHA1
419641882658fb464e0839f04f97d1158b38e9c6

SHA256
86daf3f41e0f8a3ddbdc25a157c3aec122b4886ca79720d577ac0056748e5477

SHA512
8509856f70bee7c1d7a7e020fccaece3eb90569b1ac8331e0d3dd9becb9f707a9811370f274b20576b7327b6d29911608008d2d1a5cbca9e2581cf0e07bfcb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
59db504fcbbb5a651377e1b3f36544dd

SHA1
2b2d6d884adcf801f5cd9043368502b5dbcefaa0

SHA256
693166351619d5382353c294ff55ce0bc8a3eb74a0b7c002ecbb29c940682d93

SHA512
f3465081079bacf134f0cf3af781474d374b51740d2287a2af097efca591361d2c12616aa9728b8bbca672c04a145fd8605237bdb6719e8f216d44050e1b8c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbb8efbd7f3ff8b4c8c3f496f1f8e3b9

SHA1
2642b811bd817fcc9290bd4b3082a20d5461c669

SHA256
b5ce8d479538815178920c6c634ee02799261b800a06878d65ade7dbf2d5dbcd

SHA512
d61884c756daacf9dd33f38d9d8f7129f57fb7a4706c91181427c0f61db6ee81b8ee11f7575bc977bc3d0b7c875044017d3e107e363cd5f80748dae1f431216b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0b33ccbee18fad03ffbee0444a823ae5

SHA1
95b10931b842aa661b7379103994a7df9563f181

SHA256
73b5fcd8090e3ff41f80f097ca9b3440dd249b632137a10861c41f4adea44755

SHA512
32687db9e40c8ea7f054a7c78376cf20091e18840adc68f2935b8838fd3b43973b53d919a0508dbe008ea3a2e6372956529aad48a4a8902b193dd3064dd65cf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d44e7934d2d63bfa5143780da7e3d20c

SHA1
a498e19a7d0e2897ee51a981d9c9ec5b5f881a6a

SHA256
8300568bb96a535ba03c2970b5d3faf2b00dbfd6bce3853b2e5f03d5f2558381

SHA512
895393629b2cceeff3c6fc78288c33bf61ac5d704654963ae100bfd6cf55c01e36dca2f20e0366dc60d1cbd0fd4e606470b6a291a6d032c8fa7b824b6b0c298e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6886c79b0fb2705b703395e92862b18

SHA1
7c4508eb987cd70b4e331c3faa1a878ef2c2a4cb

SHA256
c870306683f12218f403b966b611a4cb217313e81cc8671482499263b83a6d8e

SHA512
53b5f1749bb2a5b89293230d6cb47bd657df3442851c2fc43495b42bc4b71d5e2e923f720cfb635e3bba6f042fb3a76d0b6566652a7457adfddf57745b5af709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c581a8effcc8d4d49cbff6e52c4464ff

SHA1
09d2404bd202011a2ab98f8f0ab4b99a20b52f8e

SHA256
844184889f695d70fbcc34a58b4ec35d686c751033ed1ff1542eb88807b00fe6

SHA512
62fbf6e45d487a80fbadf5f54231c1eb90ac3c61c2ee184f9fad4ff5d8038ee6483e8877112eaaa0dc26d71103776f4f31ba2298ffef8609bc7a00abaf7eebba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
447070ba68069efcd5ce0343b1ac8a6d

SHA1
6e9357de20e541f8f0d528f35cf879b063dd65e5

SHA256
09bc9caed106bba56611dfc155ccc602534ad03eef3a0fdb1f8857b0ed0fd9dc

SHA512
43de7d89185534c2c006a1359cf103eb938e06e4bb5dfbfb54c9a4d816eb4a0fda035d887f2d07f56ae765f08f7056b2f2cc41d2ee16c329d6cf9a54c18025a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
93d3e13651fca9c7e3d0e9cf35cdd8e0

SHA1
82a3ef743336f7391e433db24e5a0d015e92e1cd

SHA256
b13b298eb9a7bfaae233c4e00da5b54836e184423b1e7875ecb9db438cb61bf0

SHA512
59abc862f4e87f9dccd6c230bfafd261b801160e2f145e349053daeaf63e685977101e566dfff6234714d5884e9ff8ef0eff1c869a14c65860d94b7c70a4a285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0981ac2a0cf19ac4d2fda0bf0b84f366

SHA1
5258d109d79d3f24d933b712d2052c43dad870cf

SHA256
18c32215003c2e03364d1dba0763e369b16df4381543fca0640af982c1d2f42c

SHA512
5a9e939dd49e21dd7672355a70b29dd210b7e9495947aa9c07003af89989b037e2081638e5a5c4a99c8a183ca33d65f638b635b3d50a6b45e7bcc48600cb64b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9fd780ae2d78f4d54d88437b1ebbefcd

SHA1
16bb5946f0fab111252708efdcfc988d9e21abd7

SHA256
b6b4876f7d81e174ad2fb3d28da2a42a07d1104860d441dbf5655d150d6fa25b

SHA512
d1327ee4cd3b1834ae93c8280462152d7d6eee3cc4e10bd0bf1369044b4340fbaa67608ca5d975272896db87e682fe4bb9b5f94849153146f19b7bbe4b45921c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68f431aa9f48cee759b3ac4aebaf5092

SHA1
8f6addb99a15b490e2f0f6b1b4fb35bcbd75c84e

SHA256
d9f5e36e182411e7c09a9d1bab8e7e141f95c6ce7da558453464ee175ef9680a

SHA512
767eeeabab76c54cc7c85a868ae8f9ea616621c7abb82436b8fac12e3d163a9d9f621d4ddc29adca118a897f3d003e09ea00272b86ecf52099ccff1d936a1144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
19fb2a82560d6d1f5dbc05ce009b2af8

SHA1
cbad385b570e5992cdb70f8c49d82c93699d7140

SHA256
def8c4ece6a25b65fe019595334b5ef36f53f9bbfb3fab85dcc32375cf7e12e9

SHA512
545aee8e6858855a016d3270f33ea4b83e75276505102111f373bce08a6e4674f6a6a87700cec1b543dd276d8e2ece42232b2e3a3a6cadc6ccf69a3d1b4b3110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5d57500f237a5daeb8dbcef0a7398802

SHA1
72675ff925331c058e25b97a9ca951b91c871471

SHA256
4315b9b00f24949f91c52d7d603fb0dd011f0fecdff4aed0745d82ef6dc3b1b4

SHA512
0905d7752d4ad4f0f6fedcf4a7b84f1811547bd845495ee94ce19c0d0eecd9fbf8df126cea02ab9661da03eba2755fc643f7d5b9992a0ea3bd87363e4172f02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
ce22d4bf993b0a8253c6aed5e716bd48

SHA1
9f6d477a6b9d4eb13e8ef9045074d89cebaa6f91

SHA256
31785f9895591b6a1c3860c29cc684139325ba9caf4a4acdf7f46b01741f4daa

SHA512
067d71cbc8b5b3c02a0122fe0ca282161181d473e1566813a50020fbea7d4befe70766bf43137577fbcc14f54987150fa7560f7a87f7a3cc2d07dde94995115e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
a80f0dc55190843b0b786199a22f2526

SHA1
341b63e9170a3f80875f3c78f19eb3a507d9e451

SHA256
1516d22cece434efe967cf4d027ff91bedd880b4a54736cb982c84d953bbb459

SHA512
2776e61020fd2c76d2abc10f821acb9c45dcf3d11183013793f176a3c29a94a7758ab94c53279f401f9a16a82f88f08a3464bafbdf1013f40459b1986e49de53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d4171.TMP

Filesize
100KB

MD5
66bd7b584c0cd680b8c0f8b5341dead4

SHA1
bf1dfdadab9cddfaca9314e53ce7d0aa1af5c8c2

SHA256
97bd32d9fd5026c303bbe4cc9fb602f9b116de07958bbc8b7c051a6549bfb376

SHA512
0630a697c30bf2cbc0ab7cd83d2c68ad480a68ed707fc4f6098084f119265ba0c4e749f9104dbc25295e01b5c0cef96be4cd802c257f7f8f66e4e4716fff3660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit