hxxps://pub-f476d11f6395447da862e23419801480[.]r2[.]dev/linkoon[.]html#henry[.]domenici@missionlane[.]com

Analysis

max time kernel
149s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub-f476d11f6395447da862e23419801480.r2.dev/linkoon.html#[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640579978775380"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
4476 chrome.exe
4476 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid process

1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe
1812 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1812 wrote to memory of 3448	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3448	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 4832	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 2316	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 2316	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe
PID 1812 wrote to memory of 3352	1812	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pub-f476d11f6395447da862e23419801480.r2.dev/linkoon.html#[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff952ab58,0x7ffff952ab68,0x7ffff952ab78
2⤵
PID:3448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:2
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:3352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2912 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:2844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2920 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:1392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4616 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:4288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3104 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:1816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:8
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4028 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4740 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:1700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4580 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4448 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4668 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3940 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:3832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4328 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:2832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4724 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:2324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3380 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:1
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4584 --field-trial-handle=1892,i,12811322376430053953,15619796316667795837,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4476

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1860

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
becfc85dc2bd3ddd4166b4171e14786c

SHA1
5f59868dc546d785bdf2c62adf2a9c611b5fe2b4

SHA256
389a1c817f991de2aea4b093854e91c42b04e00b17f09d445cc85f833e0f89ca

SHA512
a159271513f252661f4da62146ff541486dfcabdc661bccdccf9a5371fa5dd0139fa6f03a3713183de54bd1c9a3998c5d52b84b62d3f0978f51b198c42680732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b337275e69b594beb8c1fe606cde4e1b

SHA1
d3f619e1e1ef690d36a1e46cecb5d11c523156c6

SHA256
1aec95a5d6ef5c080250b9c22232adc78d8ee8fad8f6d6f3869f417af630fdc4

SHA512
15f406b5853a55b718632a85e80aabdea67526184f4d9746b4267251c607c040cfc9860ddd747cd3fc7d6dea950980c91c24d9c0ae2b4cf5abc8ae741eba9aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
57560adac70d5754128ea997fb7297d1

SHA1
75af4021878c21f4d47406d87ff750dc6004129e

SHA256
64aad39ae09e8a06d1d21c85d54ca6a365c6ad014a7d78aae2d42fd80925a41a

SHA512
53148d5193bcaf0cc9219d4dd1e0fef47c026b5d60540f1a2c34b39a0f60bd3750db2651fad908659c3aaceae99c59b4e43e50ddefacf784494ba15250131d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
0abff3777549f70171731eead2ce86ca

SHA1
7385934cc21d23b6240f86bd43b8d533dec678f9

SHA256
944030bb2cbe9e3672a59962a97d0cd0eec0b1ad58475dea76ddf91c30ac8855

SHA512
ae4c5f78753874d8c4247e4b84fa30525af58056ea915d8f964cd8951bd1064239aa1a10a842181dc85a9f5656e19736ecffdfdb561e25842c760798ab47fdf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
91KB

MD5
c7f73367ba35290a3da2a2396a5d8a46

SHA1
090216df1a873522af7d1496573ee9bb5c123c3e

SHA256
9455f4c839599100a633070a8375bb41dc60f0c156ec6fb545690e46c29d6800

SHA512
7b75bce09eca52f6b05de045227d31f0f8a7dea6a48c9e4f8ad1869b1bac997339100cd009eebf56b69504a2678cae40ff4f4d0e42abd83a94ef38456dcb1c0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e668.TMP
Filesize
88KB

MD5
24b2df8f93827b4a3ee3e6fb5d1aa98b

SHA1
4571631ed37151eee21bbef211ee50fe2abe9f75

SHA256
a438936c5cedb1af9e744c6d38dd09970ae08f83fe451fe85db0f996a2ef1c67

SHA512
6299f001981b5423c6e4f9b5e1bca3fef8ac04999573ace2992dc87cf7c93741b38bff1314dc68feda148569dc92de2e8bee8db5fe62a02b62a5d15d12da411e

Download Submit
\??\pipe\crashpad_1812_SWIJWSQBCAGHMLDD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit