hxxps://link-center[.]net/945155/15-16l

Analysis

max time kernel
144s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link-center.net/945155/15-16l

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5856	icacls.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
81	api.ipify.org
82	api.ipify.org

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133596404548706646"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe
4460	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe
Token: SeShutdownPrivilege	3472	chrome.exe
Token: SeCreatePagefilePrivilege	3472	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe
3472	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5516	javaw.exe
5516	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 1244	3472	chrome.exe	84
PID 3472 wrote to memory of 1244	3472	chrome.exe	84
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2776	3472	chrome.exe	87
PID 3472 wrote to memory of 2468	3472	chrome.exe	88
PID 3472 wrote to memory of 2468	3472	chrome.exe	88
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89
PID 3472 wrote to memory of 1292	3472	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link-center.net/945155/15-16l
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e616cc40,0x7ff9e616cc4c,0x7ff9e616cc58
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3692,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4932,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4944,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5520,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5236,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5528,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5888,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5956,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5724,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4928,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5852,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=6104,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4976,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5908,i,16150572594135801513,5394448623852809826,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4460

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3332

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
"C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe"
1⤵
PID:5664
- C:\Windows\system32\icacls.exe
  C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
  2⤵
  - Modifies file permissions
  PID:5856

C:\Program Files\Java\jre-1.8\bin\javacpl.exe
"C:\Program Files\Java\jre-1.8\bin\javacpl.exe"
1⤵
PID:5484
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Xbootclasspath/a:"C:\Program Files\Java\jre-1.8\bin\..\lib\deploy.jar" -Djava.locale.providers=HOST,JRE,SPI -Djdk.disableLastUsageTracking -Dsun.java2d.dpiaware=true -Duser.home="C:\Users\Admin" com.sun.deploy.panel.ControlPanel
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5516
- - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -getconfig=1
    3⤵
    PID:5908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2f4
1⤵
PID:6068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
7edf0b20213a530b7f5910799a4b1f07

SHA1
cf4bfa6b9981b50074115b500ccd7d9889f9c55c

SHA256
56c84702bac67ad0d37cf5f452519f527a09d24fc99e665dc65df13698ad1fa7

SHA512
0657761030441e5f33422633d7614279282c1cc0cbdf50ce74ccfd7ad19b70f0ad0bfb6bf4d93cece2e0202cb46944f95058ca3e10ccd0c3a1d3690cddba81cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
713B

MD5
769f3db6719856def685375c246ef8d5

SHA1
4b1b60d22b7a879a9e72c5e7102275e7b7aab6e3

SHA256
b7c046615b6b187bcc73d4a085d206fe4157008cd261839d32258a0ecd9975a6

SHA512
7b562dfe9176a6fa0cde7d0ffd06b0fd1b45e8e0620da0c95e1bc1062734228a94ad871e7e11e4a86408cfeb4110c00015b1a5ab03768a25921a86d6e5bef907

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
713B

MD5
e9105b656102510437bca409772d7cb1

SHA1
fc384a4a50fccde2360310333b80545d31ae73a4

SHA256
d6da2c96c2a63e85ed9800d6ad16f75b62ac054161462c57f16ffdc2302ba597

SHA512
abf68eb8e7d2157f2c1398d472dcf2bc06c27a0946ad9fa0d1f2a16b9ea7ee62cb971054134abc49c93220d57545bba0c4254b63f169773c4c9f794c93b6072e

Download Submit
C:\Users\Admin\AppData\LocalLow\Sun\Java\Deployment\deployment.properties

Filesize
713B

MD5
e9c37d76392683a9976430fa6fbbd1a2

SHA1
8cd43afd8afce5bd89977c13988053e2b4900592

SHA256
a7a9ef627979e8c3cb4f2eef8b2214ef313c56264cdcf5e1b7ba026e9f6fd7c6

SHA512
aa46e1fe984cc1385c12d817df19ce759b5cc5b096af465bbdd514f8aa4706bd7ea0b69147e4035dfd1705566e3d9fd8942dbb61d66ba577869699998cbfce24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1414b2a510ddf4a5fde1b63a1cd252e9

SHA1
f8bac5d7a9430d939168b93d8961121c41eae46e

SHA256
5979abe9917fef5a7f0a0b2d1674fc48f1a7e5bac6ae11a5ee978c6c549f1e8b

SHA512
3b3410d4f518f07d956d3666ea4be28913ab6631249aae7b4e8e70303c63334030c368f69ac172b7355e572aeea9a2487fd5c7af2ae9db3cb3e9865a4bf986f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
106KB

MD5
fb499fcfe21c897f0aa6933beec1d1bd

SHA1
e7ac11924de0ea908324ab89e8b62381487c1cee

SHA256
3fc4fc69dc6e030dcfe4d4ddba17e59e85b88bd271ff043f5360bb86e8df63ec

SHA512
fbf9835f519b60466daf7db03e254777a1e7ae76b33f42e1984366c63d520aca6bf4c1d609b56c86514b13e02c08aac070fa83f6a48d16dfe04b41126ed54861

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
f2ba9f9ef98dbcf704e6d4a817376b6a

SHA1
6b15803e5f89d4dd3b9a02a4d0be56fd61865c2e

SHA256
857d6ed47c311bba6be5284e406da070089f6df71ecadb5ada95588c9e46a7c2

SHA512
9ae68570559c9bb643639b91e71036e48135fda4240ad5a470b4ae90fd43b2a0b204977659a6b5b87637a67103449031e04156d34a6ffed423228d0e2ced4afa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
c1fda68dd84c7e8bc1967777b6091b20

SHA1
15992595e99003caa137dac6eaa147d5248c318d

SHA256
3981bab2a48b9302dcd9677e41f73d6ce47b837eebfe10b4c8e9bbcc7faff4d2

SHA512
8594ec956445ffbb46955cb4f56e4525aa803069d5fefc981ccee5c684a8e238693d93d3180e277a8def33d0b641c23c988da92d73206de869b79a4b4d4185f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
f40b5252790653690c58436eefc49109

SHA1
3a4b002969f49600302c91160cd90bef60bdfa54

SHA256
e209581e37313190a7d09c5bee830fbbce697aeb4a68951ed9e2f4eea6771552

SHA512
42cfe732ee0aefd9d59e2751b5c4d2f4d0734224fa42acec475c35527d688e0838dd1acc92f362d3d538d8ffe5ffcc70615dca4db6d7ffc854cffb0c12fcd71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aecf490452aae3ae2d056c7962b1d505

SHA1
928a769d84ce00b463109435bacd79221d28c8b7

SHA256
560706c7fd32ddb78d34c4f655eddaba7935ffa1096f794b21c7a25bce35650a

SHA512
77b3cbaf66b499fe1b02c70359e8178226a54ee901b8a98e27d024975a26b19f3f531eeab1ed5fa497e9276eae1426acc8ae1075a61af3698940bdb821f495f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6f01e58f0e681e5b262a872561b04351

SHA1
831d2ddc5d27b6cd7868dd92b0af7ed2c5f1c56d

SHA256
f7745be17e76da80ac12afb12c0e3eb623fe526ebeb6b2ab788d99935e0dfe98

SHA512
4f8a8eddee2b0f21f749253e780ace2b9885ae2c68647b8bb51c5f4eed73be26b54926b0640e0f6ed7e814c869c0ba8bd8767eb5c072f9b00608ccefffe0b681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c155d7f3f588eaee50f76675696a6337

SHA1
873a3fabc9b0e95304763ebe6ac872d7f852f44f

SHA256
1b6f85cd452302f1d8fa65ecf7a14cd10252ddba10ce1f417e4591fc42787965

SHA512
53e2cbe73078060c5976341162b3cf937734cd3abf65bd1dfde4414f567ee7ec0d574985a49646dab155265e707aa112e9bd9103e0ddcf761d696d0212b49c46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74938e2d0ed1564467d493db9442528e

SHA1
1783b0bfe440f67b5b640d240e6ac69f3c5047b0

SHA256
ee41cc059a2adaac9ca63cb1f9564eeb1c675d0eb67cfe6ce9097563fccd40bc

SHA512
628d910fb3a60782152499032bf63beddca102af24697ae78839913e416af1aee3b19e4079103b0b5ef43b4a40abeea070e0a3274efb46899d2a0ca729d86c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a8fd82af53a6dbf6585d9d0864937f3

SHA1
bf3245f2a0a53286c60e9c9d7308ea126b5fcbfe

SHA256
ab48b27bbb24e8c30241e29d7481be72aada48400d7e3cd4f4940a11cc4bdf15

SHA512
532ed9021e94732be95698f38bc83332f4d2042ed9db2fac8f486b9f865ff86cb380cc0dd6b2f3619e78b25f3a8fcdc3f69a86371a6e00410425c9f8d55052fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
11b44485006515fe9559eb248c2cc032

SHA1
a1c840e332ff46a04dac8a4aa65e724d12e15b5e

SHA256
c02beb54f0d21b862b0ccb9e7a43445cf1f262ee1152ea677d74e055e25dc36c

SHA512
602c57611365828af248ea8fdc452ae20ae54d52ddbc32230a393e0077fc406006cb81fef34b4d3510261f49f1c3c5f09598699bc98edf4567a2add6b0c2f3ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26a9e4b506c638938259fecaa17cb91f

SHA1
efc62ba5f91a69be46735b393e2941ed7dfaef0b

SHA256
82da8359b6c1e19a3822a3d4e9de118dfb08605781d47c7134c60b55323ce036

SHA512
3b1e480068933541f2ec0b37bc75f42b07df20e6072aa37a6e609f1b3b489884e00294b06d5258756a268260b4a52e4478500adc0cb1a3eff273eb0cb9606034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
924d606759d4a549f410be0a0a779d02

SHA1
df708b103d94a1ab3c1bbd34fb80883db3a8e35c

SHA256
515ec9dd1b0a85b39b7b5a3b121ac578b0478a7db46733137ae3fc03a8f60792

SHA512
864048fbf6ca6d986b4c1c27a12910274374fe67ed527e07ca1918a2f2691246bc6e1f8613cad91cbb5b074f6ab53005bc130773df3446ba6f482bbf91a427fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a1d5a4df60c3db586ee8c75773d585ad

SHA1
8c20b1eb81be8378755671351b33ff34d726a766

SHA256
c795e5442ec6af0fac9b9c6e4abecac45470d009a734db41ef7671cf1f7ccb55

SHA512
7c8503b95afc9041863f2d47d9e389aad39e5966816b46750d50db459c8d1013ff6a7be3aee6ffde2276f5d92c2be137ec0d54087e24d7432ee814c26be650d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5d879ba794cb783b2bd2987d907caf41

SHA1
d1560eb43d4fe267c98472c80a9ed0899dbdc97d

SHA256
bb46afc99cdaf2fc5775c601b0c3eb8b4fd823fdb19e75e6c8c8ebd9f7c45c44

SHA512
c5284b623c748de99b338825184179f2b11e28a153e5b42554a1d4c2d5249f4090321b4d7d2c8e11211dd4582361998aeadb2105ea6fb6bb9687e504d6a85cac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
111b356c22e0ca5b18d4c0dcba664799

SHA1
82c10ce11afad8af1cee2ac2e19d7eb901168842

SHA256
c571fcd080883bdb6cae41649e3181fc648ecdb765a4a788a289b8401d876a7b

SHA512
872d10f04dccdef0b18c9b96202d148937f9d85a5a8702b4c2d7310a93982df2f514a31197242f0b3abd1e8fd0ce79669fd82ac00202dfe3c81bc179f35e103a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b06cdc6f354b5023b9e02b98b237bc82

SHA1
c3225f46b31cc3eb4647527d2bb04c73229167a0

SHA256
2faa54db4d549b2e0aaae2998e90964e22aab3077e18275a998170f0817a0f7a

SHA512
91a90c685d3db5b00645f918b6ddec7c3ad515e8387889e90532057dc232255c1098cd9832f6d1623342480b341d0d81200cb6d30bc91cc980436d2f6d11a2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea7924324ed933f41fa03219ba3cf3d7

SHA1
69e2109177e31705a127e8fce338835c4e9f750e

SHA256
dc64e20a8a2932d10a22b89b364eb08902b99dae84a0d7c484b2e3bbef19fb07

SHA512
d5d7648958fa234e05db8bdca24f3d0d13ac000d8803c2df7cb6b87123c104b0be0584589b8b275fea039bbb30d6b30d7c81eff52213a2d252c0f9f298c0fadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df241d9c169248847fc71354ac426e2b

SHA1
a0d35c954239d3035c9817969a0059e87233ee8d

SHA256
ec560026abd6ac085435137addef1a15d79469c8d16ecc9ab93d58f14a79f01c

SHA512
2b12992e0236a8531df08ce8cb45682a47bca230ff81f3b4c9ac44b9a1ebe328731d5e7d4a5369d258fad1ce30ef470b28aeb2bc6d60126a2557e5d05b9b3cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
99f383b53d7bc4a207c5e78ec2cb4bea

SHA1
d6806d8280f04cb29ca447c7482050a423aa4dc1

SHA256
adfa0c5cb34bfbcc3ec07f7fc03ccbc64db22ed1bcbf1a8e07dd0d4326efe988

SHA512
2ca5773a20d0f2fcad3f60e08bdf8676fe333672d8f63efb29a0dee3b5bdad943dd9fa3ea810c95930552a32614b9615e7336fed96348dd080991f90f04a1e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
8d48c4f199a8e5ee19fda315cc18cd42

SHA1
fb50f92d26b2bac751eef575aa2bed4e3383b0b8

SHA256
47bd97be37028b5174abf23663891dcb19dc3633b7bd28db755b647f3b1c3730

SHA512
ce541b419883bf9b467555f3373f53d158bdb5c8542e0cf970fd10c688c2f50ed7730ea6deaa007e0881ce0570e9cd978f6081f1410f285f81f32c1f6c1f1dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
e14eeca991886ed3e3395dc5418a26d0

SHA1
b3c186f1e80b14fc3fcef18c933cd9cf207cd37d

SHA256
282ba3823e5906f07385954170a7cc96e4f0c4e128fdd67094ce106cb663091e

SHA512
e6a5c1bed9013d0cb25b3a9e8df9ecc1032eed7a78d5a9409437f44bd45b48a4c705c91832bae91f7e321c317ad72d39cc8246073902822ed3270dcf14af5cef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
e9ece4ec61ce7c7f29e9de0539ab6a8c

SHA1
e5b2a9227cdb3b5507776d9775c9d1cf36058e32

SHA256
8bc5eddb4b7816303ddf0232aa710b14c186d8996eae0fc7f6cf9cef1128d47a

SHA512
3a2e194baa96188c5f310dafe2da9b6e9addb802c5b87a3a641c853fb4a67a85acb6b2363104d1127eeec0e995e3cccbccc0406453452bf48991b52e81359575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
0a1aa402d3ea5ae114f9bcb69c3b68b8

SHA1
4cb5555f06e00f5a7df2e5469287d60d92804541

SHA256
385e3011282b85244dd01930dfba7512030efff88becd4ec59197f2505fdc8e4

SHA512
32c9cc12716a211679843295e751b5313e168a19dcb18d2c9253c3a156625af24fdcecd27005b273f1477cedface565ccf4fad223c99a65b11f5f0c4a08c7eaf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/5516-341-0x0000016AD1E00000-0x0000016AD1E01000-memory.dmp

Filesize
4KB

Download
memory/5516-342-0x0000016AD1E00000-0x0000016AD1E01000-memory.dmp

Filesize
4KB

Download
memory/5516-256-0x0000016AD1E00000-0x0000016AD1E01000-memory.dmp

Filesize
4KB

Download
memory/5516-254-0x0000016AD1E00000-0x0000016AD1E01000-memory.dmp

Filesize
4KB

Download
memory/5516-219-0x0000016AD1E00000-0x0000016AD1E01000-memory.dmp

Filesize
4KB

Download
memory/5664-175-0x00000197B3000000-0x00000197B3270000-memory.dmp

Filesize
2.4MB

Download
memory/5664-174-0x00000197B2FE0000-0x00000197B2FE1000-memory.dmp

Filesize
4KB

Download
memory/5664-163-0x00000197B3000000-0x00000197B3270000-memory.dmp

Filesize
2.4MB

Download