hxxps://getintopc[.]com/

Resubmissions

18-09-2024 20:53

240918-zpf4tatbnj 8

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2024 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getintopc.com/

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3456	winrar-x64-701.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133711664236476608"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3456	winrar-x64-701.exe
3456	winrar-x64-701.exe
3456	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 684	4644	chrome.exe	82
PID 4644 wrote to memory of 684	4644	chrome.exe	82
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 2444	4644	chrome.exe	83
PID 4644 wrote to memory of 4804	4644	chrome.exe	84
PID 4644 wrote to memory of 4804	4644	chrome.exe	84
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85
PID 4644 wrote to memory of 3872	4644	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://getintopc.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe318ecc40,0x7ffe318ecc4c,0x7ffe318ecc58
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1900,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5076,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4948,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5260,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3640,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5620,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5388,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5888,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6128,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6360,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6156,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5392,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6316,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6252,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6284,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6328 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6152,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6652,i,6396273137000803678,8286386270710061939,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:3100
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3456

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e0965a36e63399cba161c137d38bdc3e

SHA1
7eadb2baaebc96e909d488b8d73b4130aa59fa47

SHA256
c4112187c70cee27d439be93592c23335da3f909f672443d2a719a73a042ea62

SHA512
9f1d632fda53e088d4e56694326d821386afbea2912a858a99012e12e43b8cadfb70283ec5e7857491326804a2360b723d768f012ad0f8273dc3cbf7dbb11637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
78KB

MD5
fe51ab178d3987f7ad219f0e83e87cc2

SHA1
4b24ff49fe603b5ec0251b935d2d52ebd7a15a49

SHA256
bf61b9845ca19fbd225f8dd2eb0381f7bab7f6dd8301dd9ec095b0ca07f98f0b

SHA512
26e247737998cb35c6e8a0a49f5ea468abfc22dcd239cc7855f29db65617853da4a48633f5ec392e1bc6dcb9f5988161f9c427ebb422303a224551672f78d074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d65e9fec9e619a88c815df153eac897

SHA1
03f500152ea450dd1b4651f04c8e73ca64c9457b

SHA256
eb30c01f2aeeda6dfef848530ef3ac30e0c5d1b0d46947e88411146495f77dbf

SHA512
9c29b680661d05ee88c6c2ac376d2893fa2d53e4ebf7e5f2d544ced935e9e98b9c8330e4200f4365a259d0f0f2af5ad6a7f7ba6ba3bdbb34f1027c8d158301df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
416091417459f337d836fd1f05aaf167

SHA1
60d401a316dac7b3f8aca68bdd38866d1cde5ff7

SHA256
7ae42fbc1e846e5ec89e1cbb50738856b661e3bf83a3224bcb4360045e4609b1

SHA512
50c2b9be0ea388c60b50f520375419a3df7d805d7df2f7dc175a3f99ff08f88356a38c7bb29e29699760235e6ba400d88b44b391717d939b548d4933ec9f353f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
2d620c3d1ad195dea52cbe1a78feddf7

SHA1
fe9dcb80976685a8d35161fb3448977040069c22

SHA256
8133c8308e969bbf5b1446c7fd7fedda4a885f3ee41516e37263bd8dd7023012

SHA512
ab2d1b336ff65ad65b32fb41cbae1abd95d1115bce398bb8be51837940927607e7f75f28949680c801742d136faaa51cd206135a9d60b1ea5dedff04a6a351a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
25aebac1ac87bf89a4b24ecaeb5b71d2

SHA1
d2cce83ba695dc8df70dd1a829637049c56a3f55

SHA256
623bfb7027a240564d9574fd5b5cd9e23069586b9cf665c3a8e92dc75002b7bc

SHA512
c08867c41c8360c8fbcfff36ff0a58c0b7dbad278f4590459fbe0a75355e48379af75926ac3da6675fb9ffbab0ea1e7306226a248a78186288fbd8c7c8ea6e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
54d398b496d21fc98c2d6f2da346da97

SHA1
ed758a0ca50b55ec7529f258e6cfaff0b6f51c09

SHA256
aa8f50f10833e0985b45489eb7a169855ff10b501d9249628253600817f0bf05

SHA512
87275815d27cf15821a44c9daee63f0a98f5b29bac590f32b2bf502f4f940adca3243a4be4b281710aa610a7a556f9ee90773160c200c2ce2c423e569ea4e9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4ef627c61d516eef67c0984fa8ffc480

SHA1
17b9beff18d39ea9f9a7030a4b5db50a7626aea5

SHA256
32d57865f4784d2e6436b868c069702ed0f9e385b0b91c6c028ad6819fbc825e

SHA512
577596b97ad29907f934eb4bf6d234f227d51b31b132ef59c59fb56e7f32d3c7e4eb17c520f81340358eb51bb5eab3905e89e1f9fc5d6084e5bd44161dc2da93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d55cfe9079d729e1fee4dd1a76e7b108

SHA1
852e77130198078d36467ddfca876cad4c6887f8

SHA256
7343c7eaf727321ca51a5be3b4db6169d73ac4abd28af1eca11d57d54fb37880

SHA512
966fe0f657b3c810c7d4820d542b443f0865b6fec0933ecb0fcb5fcfecd6fba9f71aa092ae1dfef0ef775fa5fe90cf3cd5e12b02c495f7091d3ab6ab8144647e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0bb1d378320c23ec15f5f16f4b09bf1c

SHA1
ff01986a5d3fc0e84e5623127f4ff6e6fb4b4afd

SHA256
d15b281f987e9206b95a906564a2bdc096a62c0f18702a28f30bbf8e8f62d3c9

SHA512
ceed34a3977517262f302e1206c640c64c3219bc78ad0d16f7bb2b787db020b85fddeed8363212b0cbcc3f778db7eba10f6405e4c093a7fba3540f1812a12c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bbe97727c5d59a2681c2be2d30d925dd

SHA1
187f22b808fb030d905388834409e311118ac9ca

SHA256
5b94cd5984b4c576c5d64341fc5cf91c16ec8172cde83ecc5e43c18a26836884

SHA512
aef33e385478bad5bce2d95c02133fe2f4d4b626d8335a194a44369be8f385790e5ae2f8ef98057ff9e8f931d371e075966bf6c36c83112dfbe0fbe24077ee33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5614ae404c1f71e43009e0cbc3967f4d

SHA1
db34ed640d57a45f0014219e96612e06a175e49a

SHA256
645969fd1d548ba5f01f6db87ad611e8cf12d35eda2bd64990c54d4b8ca94b08

SHA512
1947c911914a5277ad26d979ce74ca6034ee6c460aecc5843cec96ab030886a6ad9ec09ea7178a5f20ad345f1603d43c0a7e9272ab57d715d166ae3d8c7e3229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4b0e2e9407f49c7bd7ba23f2e07614f

SHA1
3aa5ac58dd2275d4cdbc188391d798701231af83

SHA256
90dbe4b52c382b70f31ee941fad305b657ddfec705dd04459d22e9346d49017c

SHA512
9f77759b24870d6584e5f0f43e71f472d132caee6ba7a64ac81501f77e95d309b38bcefec9943805a2d1d68a22abc329237265e7f85e011672d8b03a4ae0ea67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a1f613d89ddeee2b5d7d90adf071ff1

SHA1
fe8bebc263ac521322750abae6afd56ab71f3a81

SHA256
0aed91b7b810b66e5c176b7db0d9082878bcc55ad23f2d2c21498e217de72e2b

SHA512
24f3e80893e1a77bba75ae54d30cb830226ff35401f5553fc4765b48c99ecbfca9cf840c2f8a645164a309c328385feb2a5988013af257a2a522855a42dacaa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bb2f0a34502e99735aeaefbfe5820eb5

SHA1
cb458f69a698d182eabe1bae5f1343af18d5fef4

SHA256
8d00ca8153648b8bd6c626afb7ae295d26d84dba6e81addb955532853b5e02b6

SHA512
65d3bb5af601c249caca0da6e44b95563faa578c3e11372dcbe3d0d8ff2c1e0789e95baa0c381b8fd50dfc293122e640c21dd4a2202f27dc496eaf43c95ac02f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db28b75b223e3d35ddca0cb67a8528c7

SHA1
deb66466dc39ad03da2c252539e84d1681650d32

SHA256
5b137d80a8e44178171299abac48e3be61ea9b2a5e5e9ec8ba42c13c52463d73

SHA512
302a3f9f74f6baf53fd70a3ecb30ad14985c8e87fc01b6c5d7147c1356d185966a8eae6fe11a10b3bb2c9402f03f52e3434a5005d63e8369c735c1a05610815d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7efac9c5c9e1b0ec0faaa0eb86cacbcf

SHA1
1fe9a18a965755c6aa694b192750b738dd7c02a0

SHA256
b83c6f29cb5c95235d194912685ce819c2d5c621a1f71ff4208be38dfed93abe

SHA512
f0dc40f29fdba773c998379dcc68e22f73586798b6bd5155ec35d8f7f8b04ddc4280a187f2a605f875a7a0cee65ca2b9056a1426741848f4834f12c3b2623b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20b48b9f9bd34f875b20db633fb5079c

SHA1
32f10491e49da4110e3968e95e74525f41b9f812

SHA256
49f2adb552729aec334521a4bbc32811e4e0c7433ef50a9566beae08502afd65

SHA512
d4346b27504ceac3738b18fcad05a39d34a5ebc00f949f814a3d1fa7ce56d0230e4dfef7814e9fa127a5f3d3761bea8f22257935538393aad67b9fd34b719be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
173f50947d2113533fe33f0f1a498621

SHA1
5683ddd4b61db33140101f881a477a1b0838ac01

SHA256
ab1d22ae65a96e8679148be980a77552d844724b6b4c606b168382ce9a6784ba

SHA512
8ca3adfcc01121e7083069bddedf6007043b5ebadbdcf08488cad9bc19b2b40127562f2eea16a26375166ac2d83076d747af127dc1762e396716f583644e3f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
667ba2dcb4c21d99b94189ef28ff36e0

SHA1
7897fb77e15b93fe230f84151cb2fafb773e7f6d

SHA256
7eaa95241b0ef6eb2a745f7fd215ae746796c4dae1de9ffeda6cd1baebbe5a29

SHA512
f6d9b8db8c07a6d4889c1d854ce235822fe1e1d87618de0c9f40696499ee44af0a530f67a443fec01736740e31feff7b1b779cf95523c0c6a655a67faba038e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
315e520c7fdbdcfd9068c4d6f0ac9435

SHA1
f3116f5b7145afa9070384944e7a9cee8794f449

SHA256
03b6b611964dca365cb0ca9b1b852ed68e4a90a17a3f95f35d495bad3215e61f

SHA512
e44a418ac0e520ab608273f42117dc0da68ce31960989a8071593dd46e0d793e4d9b2baf3e2fc6a9d8e9f32f863b34edff7fc72cd35a78ec5cae675163cb5130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b081361969b936f7cdde9c35b8a8576

SHA1
927e83421b34f16ae0b16104b15e24140ca191ca

SHA256
acb5fe2807f158da228d1e6b87d2f6bf9d1a9c4d3852939ba91572e6491babe3

SHA512
d91f39318c474ba2b4843a27519710735495f195c5b84b0291c8ddd2f3d3d3ae733c4ac174c812633008d010180e5a5119f3d6bc921be19dd0278d86b34e535e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed0bd8e2cbbee2d3791db2a14819a994

SHA1
d4db1fa63ec5ec7b81e11ca52a3f8fcad77b2ef7

SHA256
38c629471dd61bd5ac217c9ae5a2116fb4a9ee97d92531ce96f2f7b6130f1a7e

SHA512
97d90884ca886a6d63f56725927b6a99d6829061ace699bbc62d7447c0c4666e98ecc77c857ca71d75338181af4c7ae73ecd7b32f87b24aaaeeaebd3fa3493cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d5a0fda92b55718592e0b50f5f0b5fd7

SHA1
944513b4d3a48b42f3ae6406041540763174e1ab

SHA256
94792e9f0b8789ca0566f7e7b34d61b84be6a86cb0168d0f897ed25147f30b77

SHA512
89c720c364611eb94429cfda7913aaab7fdaee5b7890ca89cd5c4d45488e0d8f9c043b2173dd2220e872edd2c3ccb34ff14076655ffd3a86ee7904dfa1d51d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ba4f929b3f4fe16f399e40a565b79052

SHA1
47d785daa2f1312cbc377d87e2f1f2ab557e3221

SHA256
b8a4be23a30b35a8726fc3b2b42f5fcccafb3fca377aef984da53542b5442fde

SHA512
149fed737b6b6292d5fb2fa072e81e301c194dd2a87cec30091c15a53495c3108f75c7708ea2f267c26e5589a5d3dd39da80278b5515a513e4a462549a2f225f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
953f0dbabdb917e499a3471d76f14068

SHA1
38c65ffe6aab7da9d98dd5e45a812122fd8984d1

SHA256
5053375ead8f918515a88d2f16592299a9127a16e946afb37e77f4295ec8f345

SHA512
1e975b4530d5a0384d9194b23cfce21173e70a0a5b85210240da6f62afe494af03053f83e522162f43a0fb750950cf9e7c56b78a45af77206e8b849d18eb9de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
39da27bba46e8f17336869457f319517

SHA1
fa490cd0b21ee3a89ba5bf24e43a4820f3557982

SHA256
56cdd3990e2344ed629cccbe52d29661c9028cedbd51fbc64b23385d98a0031b

SHA512
7f82206f29722f25922944e69eb53881a2f6d4e85eba50fec0351329a1850f1451f51b421dbd395b8bcb599356f27d2a9f0cf0ed6438612dad011beb081ffe2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e484a2e5f00274042f5ec27bf96d8822

SHA1
c20ff95fb0f047811df1f5bdd8bea1d2447920a6

SHA256
c56da782dd10c9289b1971a985634d5458932ad863c1c7ab91eaa6e9457f0464

SHA512
e51cf97f2fbe0967d43d9ecce50e09db1d93fb112278f70529512faa51387918b827f2668cb3755e35f35ce4dd06e63d09968c81b5e792b2e71ebd6f74c39acc

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit