metasploit | hxxps://ufile[.]io/neyrxg83

Analysis

max time kernel
299s
max time network
282s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ufile.io/neyrxg83

Score

10^/10

metasploit backdoor discovery trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

147.185.221.22:8080

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payleeq.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708811306662776"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{E7404D84-3ADF-4DDE-9AF2-6B0EDA81F1E2}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe
3220	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe
Token: SeShutdownPrivilege	4892	chrome.exe
Token: SeCreatePagefilePrivilege	4892	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe
4892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 3044	4892	chrome.exe	83
PID 4892 wrote to memory of 3044	4892	chrome.exe	83
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 3232	4892	chrome.exe	84
PID 4892 wrote to memory of 4708	4892	chrome.exe	85
PID 4892 wrote to memory of 4708	4892	chrome.exe	85
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86
PID 4892 wrote to memory of 1968	4892	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ufile.io/neyrxg83
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffab671cc40,0x7ffab671cc4c,0x7ffab671cc58
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4716,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5068,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4868,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4600,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5244,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5852,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5648,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6184,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5908,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6040,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6612,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6020,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5012,i,1882614270733446420,6522528814674632109,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1488

C:\Users\Admin\Desktop\Payleeq.exe
"C:\Users\Admin\Desktop\Payleeq.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
045bdcaa493844b3a323427c3d0401be

SHA1
248cc2f92bbb1c31afd4eb285921624f2cf5ae1a

SHA256
128fd10a6f3a8b3e9884caca57699c86cee9118d8e7c2f06b97d87a312f6f70b

SHA512
c388ac2f02e68dc3161b053810dd6a9fb39a318439c2f1b21a1a8439ecf93199d7ac8d779eeac44f6c7dcaa5052c0c050cfa686b36b08d2e98a1617032d04c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
9ecaa877e1bcfb560638d2fa08e04489

SHA1
6d4de2578bc7eb6b622dbe92569f7dc2dc6b7107

SHA256
22418e531cf65b0cfb915812051d7bab9477f8fc0109ad69e650ba4505b91845

SHA512
5ae237e714bdd327cd6c8ddb7f49503783748d1c70c082827a0a1611ffd280245be49a1e5e286b33922bb7c866304cdcee3bc724e68057894599f0502d73191b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4aa963ded19d65daef95306030f34f58

SHA1
186f87dfa0b7832adcc7b83d87fee8e28a4bc0e1

SHA256
bb071b4896adc18e4e3b69a6d0d56a4112700251daceff5ad0836d050fb05891

SHA512
8e9808f14665f3eb564f2320b842e8466b6e143b6729b27301c36f5fa96859dd2bb3f7e9f39e4f52d4fb14b4cf07562aadefb55b86bcbbdb40478878efd1d31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ef4d00676fbbf843fe83ee3a3a0b8371

SHA1
4ed8bab8557f346289f08000d7abf10527e574d8

SHA256
69d5fc26cf09d38c180f48457d79d04aadbd76a76ddca9001a6723a44a99f936

SHA512
66317eaa57918dc7aecdd224f17651f4976ab9c85040fc09eae7b4cee14bcefe63c122a8c5c94b36bdc7eb68362e3a26f1aeebb489f3ba8ff8b5145cbeef3861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b12a1ac8e144a0981e492fb8a10d6c69

SHA1
ed7cf1162e7c225ccc13ed824ccc0efe9dfe3b4e

SHA256
00a6bce15c8d0ecdc87f7246015cbf75dafb6628eb2c87b827324e3e2441f858

SHA512
a38f159eee10ef62e663e18be38cdc064c87953ba9d6644cdeba63a678cf2def53fb81052c2a217766ec821aad00cb93d85e51735ad0f2b9dfd132d8694c1b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d972a2c5aef17635797d048e69f0c4bf

SHA1
dfbaa595246e24c315000de5ef6350548ef90042

SHA256
0259bafb91dd4bd0e8340486d4dbe4f04497d3be22bc3592ac4e536521f7c54f

SHA512
882d59bcf7785d6e582b8ad25a049e69ee867d1aa4df1bf6e549f824d9e197583a60bf8842f351b60a6c705caa1b927e3c6ad600d7fc563410778ef0cfce721b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8c4582252956ba49bf8caaa1f175dd1

SHA1
7cf853da8b0223348c32e53f1d7c4f7d145390b1

SHA256
d7e02534db57c647b566e639242b1dfebad72a132876e4b043edc402a1844af6

SHA512
28adaf85536896d8af96617d00c7e77b751d2bf544ce8e7a87e15b87db1ff0bee38c89087c5784567bc3e1639c759ed67fda60bf4724c5b0d51ca470f291ed00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f4b3bb2d13cad3c2840f6f5f58429ee

SHA1
1bba72381492258cc94b4f064a7096bcf4a3f3a7

SHA256
41cf6da3b5f087fb71d1fbe217e898b920620017c2c488d365b1450753e9df98

SHA512
6bb8a448190ef85e07a6ef67b7109bdeab4b800456b5844fcd24977cf012e56d977a7f0b6fadfc8565cb9dc72669d6e9e8f4aa12e3dbdcb91c4fdf9c417506b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cac632c6f8bbaf8e8fb053f1c045c5b

SHA1
86f8efbedb7f95529f0443651db37aaa2a627c0f

SHA256
a9039f86d8a6f051722faab8e2ab313a2d74033770f3f99edf63397d5ad2ac61

SHA512
d7c445adca7a3f16bdb7b95849f721ef26314ac3267d5eb95daf05eac330e129e58b8a196f305ae2fb9bb7dd7c159ea26b75a2e3161c4aed0d0e08659683c874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
755b4b745002d15879748936a68a20b0

SHA1
58bb8a52d753c8c7553d4f2047a9d3ff30ed8fd3

SHA256
40a352ce56bf5727781598a78c4ecaf3810a26c7813fca2e176f512ed75db2b9

SHA512
769270767b02090099845af4506093c2a11b61e49358ff7701a0128785620e2e54171e8c23d0f778c9edd3f778ae8523852215a17dfc2cb0d2263e98e02f266b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e220783dfbe589ec342ccb31d414766c

SHA1
0133dde1fbb35957e341e1862ef5c6ea69141013

SHA256
0b24cb2faf53002acc855d4e02d79c67e80feed55eab69f7055c1ab3769e28da

SHA512
56f7be4edbcf6f0b38202d6a4246d897e856fccc6eadc49b6bec4f1fb80ce2de1b4aeec41defaa8950976cb7903f67ca27053ab89045f1e23a3bee0acbd9d621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e043ce272e1a2f1f29191e3933286acb

SHA1
427b324b346f4365124878061742150c064a6823

SHA256
0a42e0bb970fbcb29f1cbd524254bd6c3f2a0c5428a64f5877fb9cc02330655a

SHA512
0820ba140f83adfdcc5556c0b5f7cbb26db3400d46067af13e3f9ef816c0d8b5628c6c4a156c1b56264a58cdd07bd0d7b3e21898227e6975690670862b75fa31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40cd7525d1fc230aa9dc8c6298f8276c

SHA1
0b1e41aabcef1e43d5bbbfb43f0b736aa9a4bc18

SHA256
61f932ec111ad06d07ca6a166804f540584aef2bf52c78bf659e9b42dc481451

SHA512
39d26168212a885e882f79ec4c192982804b12657abf91f92949e4f7fb14858a6ee54d98b3fc58e743198087b3e7b61b974d3f06a9417a349591253d056af824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
552f7e306be7cfd222dda8fe3c424f76

SHA1
d8b1a7a9568d2e8fb042f94aa5279a35f4513b70

SHA256
64966dba4c7766fc45cbc68cd97b29587fd3c715a10fcd300728c74e1dd3665a

SHA512
5d0fb661b541e9c98ed46fe7ac88ccbe696fba6583e3f49d2c0a7c1243e13455ecff31d134fa44715b3c5a319e4237c468500a0b89146b56305820b3d1a8218f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f925cabab4ca416459e29d72fae0465

SHA1
55a4c92d32b177a2cb3c231b91f913b95c7c6604

SHA256
b798a95be74c79972ac3b6b873662ef5db2547289a72eda775c515033dcf59c2

SHA512
5c8b690c428c311b8949795955cce0e2d2ecc53cc2f861aac657335a6826b0c68fcc80197e15583a19f0c9d6bad94e1cda4870b9a4a4a805249d0144d17bb3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dc23fb977a62e809c62f95b7debeedee

SHA1
c056135fa5e48e74307cc3c242543977d0c75dfa

SHA256
860650f096c300fd6ba2b5cc6fb2a4b1021e0e4b79933bb2b43c988edcca0cf5

SHA512
3a993d6e77aad2d82e6bcb2a7f3599c7619d214e10001f1dfa295050d6bae5670132d8db67477f66dc789ad8eb832397138e8b10022c651ccbaa986ed9510eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f07434d7ee090b3afc5c577d960ef181

SHA1
ac10de37b7f818b3dd8886d6766315828d1347d7

SHA256
22098c2997eaf1d5d5ba0151e0414964b79d33f24adef15a69222146ac093fef

SHA512
bbe15a6400e5409388aebe040d5c3139939ad3f7fe5b4cb94c95eca8a8553de7c7c4f0b562c9a99f7d5090f74a1c1babdd1f8ba3ef53ee91ce7d0eecaf3692da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b60681baf56bb20300384758234d134

SHA1
ad3e997351f070420c7776bd3d7940e32b333cec

SHA256
56053f37f68625a038223f397c219b3db80e498432317a19f55a081dbb4ae56c

SHA512
d2224f1e7307039d7b5a7ebd667ca09de62b82118f20bf08e0b8076f9cc16aa0af6073ae2b7584fd437e555edb67ee272c17e2e59e3f3ff2697018e03b03f912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3647d77897e92404fd95ab15b53e3a89

SHA1
6692fcb4d63d54b2116597aa6069e3e1aadc2e60

SHA256
687a54055334a456acf1f66fe6901cdf9b84d2d27cd22d206bb81c531661f7cb

SHA512
f6ca741fd643365b0a90d8e802c208405ac2606eb57b10f4fd0b4f8b20fe020dd48e5e2d4212e29ddbb511845e8776f01042fd0d9106146951318dd95a3cf1d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19854f329a728e0f1ad88c92843fb324

SHA1
436a6ab9762635b9b7fc0b094e4452cc0b6cfac6

SHA256
bf74cd62c962a314fd026c37ffd6a6e31dddaf613d941edc5364ea03339b680c

SHA512
2f7eafeddbc7a3fbbf33ba3e697cc0095d1d6a6ba41307244cb8727c21b56d47b5607104b997154f9a2a62427af4459e507c03196736051bfbe5aa009a2a6484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ab6b3b6d5445ea96ccd31df42d13c31

SHA1
c0ffce6446ba1b2d09568222d64666da7e50dfae

SHA256
b301dfca98cc050f52c80d9b00a46c1f2ed4ff83ebd2948471454c8149f78308

SHA512
82548ef8c3842cb826f298429dd3d38bf74df9b41af19946214715698e95bd05ec9432ccc0a07e642d3c037b96c82b6d332159cd675e9c7b40d82263f1c63333

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2937f3d99f8c34500e586063063bea6

SHA1
d6b907ee0f6d72a406bdaa85d21bf5c0665d4503

SHA256
4d6cd562fee235c7e4ace65108f6712b05b496036827bb08dc6ef5476a74e52a

SHA512
e150f693d13e657a3629bc2bc2524e62effcbb4ac6dfba20892bf0907d2c99a36c07b3294545f2a69a667eecbce9b089aaea08b5e6a8da2b8a693576f44e5748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e799e8b6450f24188482028280d9b902

SHA1
c606bc2f11b653e018ab13d9b3a05811020c8443

SHA256
ddf5eb830216820dceb30086913d925a734fa39ea91b876c7b6db4047d20f6ab

SHA512
256e5ba50d12c568c8bf5620337230ecf93cca25c9dab824aeb0b4832e71097f6361808cda85d54af8a9e6f74b0e210732b0d320db5861c60584dcf9f8d0f89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4b6b29d3dbaab88d1e2e6225eaa53eb

SHA1
5ef755261b39a8340286ad84c4eb1b8663d2096b

SHA256
f47b4bf46c2ea4e10e3275720ac43eef801a64b9426bbcc092f5db078ebef537

SHA512
12733421e3a1f855452bcaab82d9c3080823957084749728b1ce13b42ebb665f57f0b02d42b8c7399706bf152263e01430c8887b3d705f012802f08ceb2d2f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
48d8fcbf90668cb33eb9c8106c352c0c

SHA1
fccb16a0af56c461fb065877e91bf8fe7b84ad05

SHA256
0c3b578c199be28c48826c0d5e0f8a7a7a586fb130fdd10e4d017ba20486cba7

SHA512
c239386419534d4356cfabd0c6ff6dab46e4043943f875e53e3be1c2de44c31e36843c9a48564c17c88ff06381207144b375e7cf1a92eb2ed5f0b238409d4c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
6d421537e8745c53a8fb44f4b7155157

SHA1
0cd6eacddffe9642f523455520a12993c72065e2

SHA256
c24bdba6d40f77fab41386b56b58a1763c2e5ed6738d1f2b53cb538dbd23475e

SHA512
bb804f5a3ce84bdfe6d1622093e7d2d710bc60d2cd60f63641306e71cfff907319de8bcfc502b398ea2a46ba4d65ce79c1d902c9cf040cb3f9ed16189999949b

Download Submit
memory/4292-134-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download