metasploit | hxxps://ufile[.]io/0pksxxf9

Analysis

max time kernel
299s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ufile.io/0pksxxf9

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

147.185.221.22:8080

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Rat.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708815171198616"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{1027AE43-3FFB-4810-BD5C-904E2CBC0111}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe
Token: SeShutdownPrivilege	1640	chrome.exe
Token: SeCreatePagefilePrivilege	1640	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe
1640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 3496	1640	chrome.exe	82
PID 1640 wrote to memory of 3496	1640	chrome.exe	82
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4636	1640	chrome.exe	83
PID 1640 wrote to memory of 4648	1640	chrome.exe	84
PID 1640 wrote to memory of 4648	1640	chrome.exe	84
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85
PID 1640 wrote to memory of 4164	1640	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ufile.io/0pksxxf9
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ff9c784cc40,0x7ff9c784cc4c,0x7ff9c784cc58
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1876,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4348,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4520,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4332,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5288,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=2784,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4780,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4572,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5872,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5880,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5868,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5836,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5892,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4744,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6048,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6400,i,10391390374724375729,6200489459831675642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3056

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3508

C:\Users\Admin\Desktop\Rat.exe
"C:\Users\Admin\Desktop\Rat.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1248

C:\Users\Admin\Desktop\Rat.exe
"C:\Users\Admin\Desktop\Rat.exe"
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5bc3a2e61efdfe5015f6caa836eea575

SHA1
8c0503834ec426c162dfbe818d6e8be794db5cc8

SHA256
51b8d21b00f508a77d5be7bc4c375d41825793f6e13bb830cb0bee6b4cf73b22

SHA512
f841ef74b0b647b59d1d8d2c09fe7e58edc076a8668db0919e810bb8a09a406db2258b6b81598598501705608a8cfbbc136f1a7c5216a27f36a8bbbdd30a66f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
18278997a433096803dec65069325fce

SHA1
e6ecd0b8a709e914dd5cbaf038773f204ade2481

SHA256
7670801c79831d43e67b0c2162090b8bdd87f593e9128882341a25cc1ebe2f95

SHA512
e973f4faeec84db43fcb91263bbc476ebf33d42f28e8c639afd6932b75d7c0e70db0f2d05320fa6e0304a3639630b437ed445d09e722c763dc3ed4096f7892a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4529950ac09fa01a1b58e6b6548cb362

SHA1
3cd1dc5cdec2b16e9a612a81182c03315fab9fcc

SHA256
afb4f69e68937b579c6e5ada4ec7d2fc5e627f2246e5f3a0f9728fd29a56aa52

SHA512
4cbef07ecca0516fd4c2102d8fdbe1d54abf9fe9f78aefcf1dbc2bc7071442ec3bf0788f1a4bf44ed9ccab9df82978427c3367944c8a3cb79d3e8bf6ea5d434e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
64ed729e1f8719985f6c5ad8bc15b8b1

SHA1
a1ee60d047aab97122322d99bc724d46711d7e0f

SHA256
44b1792fbd694f8788aca3e58010a61e5de5dc81f55ad498df2392886acdb4bf

SHA512
afa49fb723b5acf673b5f04be88782d442a40bb70ebdc470a03a0dcfc7210743fbe799cfa666c0e44420d68831df74291b08364eec4d044b7d672fd929f444c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b961935f6b276fb49d385efa7561b9d4

SHA1
ec9df427b9c6d1d27615aa80bcbd6f73fc20eb92

SHA256
6f7bb1cad678c318c613f0b6ca9477b10bf7f23d3d7afea1a2217c90d745654d

SHA512
962a9bc188344324eda26a805cf707d774c84d5ea525214c69c29d33b594d98a66b39ac59dc05f2a0e0208a5eb0ebb307358f838804873028a124216af7355c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
06aa58bfc9ff8083c5a4152564528cfd

SHA1
ff6e866da7ea31eb33de205493aa434fb6a97637

SHA256
e879d18a4fbf563573456d1b4b5e09718e2d7d3a07dd3c3b1568afd548e0ee4f

SHA512
27e3b82f993ef9ccb2626e00185bd4d02374a968fd3a078cc5a1c8b3f20814f7fbb46102f08c471e05b272689d166d18694d49033a7864885f580a604ebf2e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ba87d56fd83c94d53466160add6d4a2

SHA1
b5a7038dd2723e1f774ffcd7b3258d34a0f0da06

SHA256
f3850e4a2bc8b3c1884e79bd8c452e79486b8464fdcf76648cb79a4c0eafd594

SHA512
671f2dd3b94d10c597e40dd5bef8870a393c0789d3006ad95938a8622a150f303ac38df08aad8f833b4633db86082f28159b2edb443debb815f4c1d3360af8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba8dbdd45311e522baf6e29febce5cf9

SHA1
81a084b6be11925acae591162d0e9b5e3b502394

SHA256
362ee421635f35acc475b24df96b5651ac3ec67fb4b4db0788ee9cb85000769f

SHA512
59c9d41e662e805f5946d4420976930b18b3e8eb9a2c6b0a523e6d8e8707c796931d302fade844cd0c30f295de33bd328570a5e461e4fbe5ff613a033de118bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43ead2491bcef40c85fe75683eda4862

SHA1
ecd96c17593b8a17ce1c1063e0234d7b2ca78954

SHA256
767f516e082dba7ceee93d57d073081bc71b02b9ea50e004b51455e7f67250d5

SHA512
033d10e02f8112ccccb287b48616a875ad1d668ea3d3e6b41fd34febb93bbadc290ae25725e3d417d0dafce3e216b05a9dc9114bc382618e0ba572f46b5d8aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59bd60eaa052265ad16fa74a05ee4a1c

SHA1
162eb14e6f03a2d2b035cbe58c59ca27d9a734c4

SHA256
bf7ca94129f6180ebcd4c2485f7427ebb943671e2b892ab68189dd9c5d3b5c16

SHA512
7fb7adc0922fb3edfbf3ec65f3d5e6dede478fef50e90717718fbde771e754421a8bbd1aca370339159998c9c2ba1abc6c7bf2dc0141a160f1bd6baf5be3243b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46eb570bfc8f0cfe8074fccd70a9b612

SHA1
e2ad3ca047f7c9e8d9c1ef0b8b19de9c4a30e11a

SHA256
4cb852aefa470ced453cc553a8dc3a588c8134e483794d67fe2f236d5b78155c

SHA512
65f26cb4b31f44872abc23ba75d758f319baa3afc60be72e235b4c94063a7f9c4a6123aca696276272072fb1ade895a57779b78046d4bf6c3f50996f10810b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
867fb876948f35d1cfeb94f7521a752e

SHA1
f4e65ad4ab53175f2a84459c37b535421768b994

SHA256
f6e47b9f76d069ce898c09dc4b893cf3895342e15ddeb6bc38cc9df6eeae8286

SHA512
e95dc3d5d995991522e204a6bb11a7c918270339fde61bb5c6a8d49886b070121085738466e7643783850d82a09774333b8f780b5b1b6dbc210fcd56b6409aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7f55afc54441ccffdccbf8029e6cabb

SHA1
c3187530ea393aade8cd70eb00ed3fdd9af85322

SHA256
a83b18dde3bcb178d61c26ad7ab162b23e3ec53f230609d27eb248bc5c238183

SHA512
37eb8f59fa105748ec252c5797043cdb4171a160eaf0a1c492f8dd28f6b1b34c3dde825f55c6e2053adb12147a668fd5dddb182b167ac09635ef8849542a5406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6848e7605ed0fd19f46b246283cbba0c

SHA1
b12671f8fc973ccf19f6d7bc89fb82da0dbe5d44

SHA256
5fca92ae2e849537b991c3c37a524919bbcf9a0158c2606de732b01f5d5bd3fe

SHA512
ffb957df469d6c55a456cec292b065400d819f1ca1f42df633cf5324cb7961e91f570c2185198c35e748aec65cb6942e2d3680432abdd9be7349789762589432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86019159f80699fc8f253c695baa837d

SHA1
14ef73e75b43d88a1f2a3c56d13458a583769a71

SHA256
22df25b5fb81d33f9dfcb070036dc2a5cd74c164cbb4a6ae5bf2ed66fb0c228a

SHA512
a35ea3afad628a8bad0b1c2be1d572a19d872859e3c8f087f065c50507ca7bb68afc4f2d70137c21aa9af43246fe7abe9ded603e8de67fba269582f3f6899a23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71956b47b5faf261475af6d7f72b84bc

SHA1
e757b83296da247fbb82922bf6f6f73f7d828a92

SHA256
81756b44f234cfcc89e93b51e92f76d2c8f0acaba8d65e676f0533edf7c374c1

SHA512
f88797e531b1f2189259c84ed8dc75da6251058d793f19b51871ea1ebee2ae274be3f387afad6c814b36416034f394169d9a1c800b45a3f6ff4314fc203581bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
829d646d60b1a33722bf2a846075653f

SHA1
133afefe98ca5a5be82c6f99abeb2969cb61a5ed

SHA256
d68e2ebc99327ab31b6c792192c008837bca3ea8d11ae69ad04b4afcc2c196e3

SHA512
1baacfcbd4422fb92e6acd21605310711967c673108a32eb39334bb3b7f3a96c512142f26ced47c4b3e0ffe546d68eb0c95499faca4f19fcb4271eafb2fa43df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4ec5cc341bcf2d76a9a68f3c3d65ed1

SHA1
384b23dc2c98cadcb4c8f1246206ed78549c211c

SHA256
1b704ae5f7c44bf9094b0021cd5d051b47f3b46be953301291cf6ed8779e19d1

SHA512
effc4a31cd71b3cac69f8a7f7b8c412ffa8b557ef57872970c9d2b0530ed42bb6ea0ce871407bd0bc32ff31b9b9cddb4e6faadf79a340a603274c52f12f43c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ff69565c3f342b5ecaaff3d4c6890d4

SHA1
33649bcec6bd8d0f85c018d852b4fc388f06c2db

SHA256
af0ccba2059cb427538880c2d9961fc77c64859b78026d372e97bfc119aa28b7

SHA512
6f3d74301014d8467200e02fc3ee912213e6c968a6b825333907f3f3968002e8d2eff80bfbbf8039653479970b265df7ac7559a1797896b34961a50afa358d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4419903b6a5aa41bb3872c0a3c0bb60a

SHA1
f17300f517ff467718ba0dfb971519daacca1727

SHA256
07068fcbd53c400eda0f3d09f7e522fef327a631eb9dbb130261046076481f51

SHA512
76c45834808c70f14f384aad7d9249547b1eed80e6199f63de451b2f3be9bf011745601d19986e5d7bc7d3845cdfca6eee0129f172333256fbc1c15c1750919c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94c318d3ab6f3bd95a947037832beaa0

SHA1
2a1130428d1e36562f9614c90935ca377f5e63d3

SHA256
32f6205121ccde5e9cbea0f4b5ae1a709b9e87866e5eb7aeeea7d21320259acc

SHA512
9fda2d0804741ae2def8874242cfcc535eac719fefa62ead5c5bb03dc18039109a6cc80444c1dcdf447d2e6b552d1aef141b159363b42c2d472a1f3fd3f5e195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e0123e5fccee3d2a3d266c2cbc574552

SHA1
5272ef534376392f3f0164b45241a75b03360d0f

SHA256
b007eec177bed218a930e86453ec9a6691706e31e3cec932fc3a7f2fe6fb5f8e

SHA512
6f7eeb623f420fd9f7f524f4062f4325ddaacc82bbab93e1ad54a0e9444f99c36efb61d9f18116f6d7e070750ae06752598cfb356bf240b4fb728e34db90e2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
bffa39e5dc4e73e17c911ee98d28b936

SHA1
7fb50cc230546b9bd968840e3cb9cb6afc04a371

SHA256
f8648385075d7f09e88669afe37cb0c6c33a6af9e9c38627efd73c45ed1d65c0

SHA512
34fc340bedb1a72ada00292c68a45f0a052815e4a9a4fc0c4e9538430e8cdfb4849473099bed1d5febd2b041ee427fed1a1f38e1618ae8165aa5f3450ccdf76c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 357585.crdownload

Filesize
72KB

MD5
1000ab1772ef407d04909564867f52a1

SHA1
1bdb5472e2ba412149b681d5c3db021f3e31b0b7

SHA256
923e6d1e07b7011ee23b93e85dc2d4916c9cd0ab17fd7ed16711e067896f0c69

SHA512
338b34a8acba1167108005e5bfcab2458f9af3b6b45eb0435ceebf00d906fa984e5905a7ff6b1705f6de708afb155cd1ca2363c87afb74952ee618063248ef52

Download Submit
memory/1248-149-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download