hxxp://thejobscc[.]com[.]br

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
24/06/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://thejobscc.com.br

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636708818133679"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1244	chrome.exe
1244	chrome.exe
3144	chrome.exe
3144	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe
Token: SeShutdownPrivilege	1244	chrome.exe
Token: SeCreatePagefilePrivilege	1244	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe
1244	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 3688	1244	chrome.exe	80
PID 1244 wrote to memory of 3688	1244	chrome.exe	80
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4584	1244	chrome.exe	82
PID 1244 wrote to memory of 4044	1244	chrome.exe	83
PID 1244 wrote to memory of 4044	1244	chrome.exe	83
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84
PID 1244 wrote to memory of 3728	1244	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://thejobscc.com.br
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff9467ab58,0x7fff9467ab68,0x7fff9467ab78
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:2
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2936 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4240 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4524 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4712 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4756 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5036 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3176 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2208 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5696 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5304 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5292 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2656 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5956 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5660 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5800 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6044 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=216 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5992 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2316 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1468 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6016 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5796 --field-trial-handle=1776,i,1617653029768016590,10820334481016470201,131072 /prefetch:1
  2⤵
  PID:4724

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50dcef79-28aa-4d9f-aedf-cd2bb2165e7b.tmp

Filesize
7KB

MD5
88d282a6df208d2295b395d4f8195673

SHA1
2ad680b2d6cf7160af1d4f4ef809085189b1f95d

SHA256
6bbe881aff161e30c2dc6409f1e97baa92e7becb49fe8e3b06e2196f9a860f5a

SHA512
5a971f63765854dfa02ff13d701af7d4f081c2af7fa957f4de109885a54661030322fae39035bafb10d02fc957b14fd1c78153419ea58eee06a27eb429dc464f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d48ee6362b0c29afd2b15715d4653dc

SHA1
373bcf5d5832f2dad6857afda46974e41d884ccc

SHA256
9a90076b5816976393015dbaed431593e4f658ed5a31dd3f86a4398b5d3d949b

SHA512
b2872314bc64f0d89b30a01a330a9fc910c5140551d659b2212d6870224511713ef870f21341b42a7ab2520618d629267c63e7589a6552b234e4a5227f7d4d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e382ff44afd12f1adb2ce232925278d8

SHA1
70147146825ec3eefac60ac2ad62ec73d74c6c58

SHA256
212af31c2c32a3ff2542b1b9dd8d607f326ae1b876bd2977c5f97f75c0f5abde

SHA512
002a099b3218191ee45468053ae2cb2cdabbe5f8ffa9383aea1c67e8225c221d1c6f2c199b2d4fd7ed5cfd339bae038e6548a373bd8305931aa5522635295dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6d92c24129959dd6f13b6ab09f25b8cb

SHA1
742a418f43103521f234ec6d1b5545bce48cda2b

SHA256
43c894155f3814decc96741543b68c29b59323c8a19dd1f5af8a54d70bb56efa

SHA512
ecf8b9277a494af9ac217ed6810f76ce9e11aa599a12f6fd46cbc6ad870f787c76336db39cb18cef583820131256de4485c057fb378faf52ca293fd0013c15c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a950ceef5b9e227296e24e731cd31431

SHA1
77b670c652f0873d8a68e2f277e92e286b32dbe0

SHA256
c899d47f02a6946a416ca49e9084c972ee49f3531650f4838d46531c3279e550

SHA512
10be3548fccba57cd896cb428596ff013a69d64e9ad09fef9b0e0ffe1661160a687c7e4cadca2d9f261fa63dece7b902cdcbe187b3a5701d85805ebda3f40c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0582ad48b8dae057132fb34ae9b2bacd

SHA1
bc155a9308babf5659399abbf0d8dfaa24a2c76b

SHA256
8665dc4a30dd535b5a06b7b35b90c4b511be3e79c662f3001521def6ee2eb80a

SHA512
5fc2bb58340e06eb738dacda8b46f1284cbe270e5fc5645b8df21099a1676c03f51b4008ab520e3200e74c7b5e436aa30f0d4672929406958ec13d24f0c4fdc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5941716d6854f3022ec6efcc5463a3fc

SHA1
966772cec56d5dec19728426c26f374094881abb

SHA256
9d4e97ecba69b5173aa708e4fa2e41caaf6a978ea537656793d2ffe1ee8a4159

SHA512
c5cd916efa6823a1d4188d26bf937fe9c59e201aa077d82b2a39f27d3a300ddcea74f15780df5995c447f574da5f35aca0530427ba957be82eef05b638cd9b90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c0b303b7e3f7b8d2a1991acf8049dfe

SHA1
dba7fc689cbb2a039f47d5e10b83632eb397d5d4

SHA256
6a3d087dfbdbcb2e211acf7170999d241b25cd4d9ceddd8d5dfa20bd12eae452

SHA512
d903fed3786871318eabd29d07396dc8fce605fd8d17a888e2cf7a51b45ece354890f7a489fe124805d3d7bf122dc01cabc57edaee68825cf4ab12abcec6f4f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6d4f4cf982f45641095f7bf888b3037b

SHA1
c073a3dc13967c4fca8ea482ea0a271b2d0f278a

SHA256
c37a2fde84d2aae8a076c9febc578cbbaca0b489e327787346fcd252266e6bc7

SHA512
f3423d4e215930d176b7d87b1ec9ae518ce343c0f0d23132de1bcf43e5d0862e4d91ea0568d4e2884e0d0d16b385ebbac0ca62d43c4664c83de521d5a266aa47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78b1c4b89ef2983e0a16169126ee9d1d

SHA1
9af23f68b84834e55e118c2a1e0b60cc9b655c2a

SHA256
5d5d148cac2ebaf0695c7351e83a59c690e98e982f0258cccb71394d5d36bf28

SHA512
5e466a54103d03bc40478ecd6ba1c579a27b5059d30e0402521e047e40589acc2606e4165ff82c34c605bad98a2e53313dd1225be7a9528bf65362ad7e1ddc00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ba22a462-43e2-4414-baab-c361a4d447d9.tmp

Filesize
1KB

MD5
9eaa28f2124ddb6fc1b153f73a89d736

SHA1
13aac48816347db4705178c5de29c36249e50d36

SHA256
dd77321a9f8f0caffc6ed9483a56cfbb8fd2f48c3596b1ca47939100150ce997

SHA512
5dc6e13cf42c79afbf016253cd7d827ee58b424cfc8a441e2ec44c47d043252a9cd19642e75f05c336586e58746ea9c046d7fe68c26c99f1b03cc3048519a43e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d5c3faf1018074082a5c0196820f6816

SHA1
372e1a285085d6ec1bbd5bb4e42d36be5d5a8477

SHA256
de4eab2b3f903a7b4002db21d1b44c2d2175ea929f25f09e24209be54dbd8f6a

SHA512
42817d0e2476c316483b4f8eae4345dfe58010e1da5f42726b9aa2cec04337c2f9f47eaf89140a7a8de92b243e274afb9cd0980ba4a7e047dac790fa8622bb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4d5078b7eabfc60cb56e25fca59d01f

SHA1
5946747f36be056f94e86182e4b821c96d7d5264

SHA256
7092a7d3733a9b60a83d276aa06e65cf7db4c3f4d22be0bf4e3c415508f556d4

SHA512
17114e89b7894e2bb9d0e2d2324c883fba193a727d4f0ab1a01532bf82b531129b4ec5e8f9827c1c93ced17447825e09c581078628a1d0c72553667b2db1d5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7fa8538bb9c0064b5d490939fcf33de7

SHA1
7f67e101537415fabbf6c5f36e165ddc688116b4

SHA256
8f5007ed862e1b07e2fd1eace5cefdd785859263ca6054eeb80b0e2d5a34fe27

SHA512
29f21039a10ee21955d4d30cdd674c5f418fd758fd97dbc265f4be8a17039621f3eedb9b599da7a74bf2bfa5347dadc9e8babd05a32f9977bbcebc0c2fa9dad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
614b9f5a453fe1f6c241df2ea015ef3f

SHA1
fbca08de53ed69a1a8385f0c90815896d113bc87

SHA256
37a227aec1b006bd21fcdb382466c2c0cb0260c5af97d5448c0e1835db4a8eb5

SHA512
7f498c186868d96b8774b9e8f3d034062534980403e7681c9a0433086321ce6d98b45b97efb3c285a9eba775ff72485ecb3f738f7d73b46ae1baf2291ac8eb8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
30399fd52d312be2412b54ea7a91803e

SHA1
78d129e83c375047b66f67eaa2e4725c557ecd05

SHA256
1fa13b325643043698d2bc329e36f361e80f9a69631b5858fa8852763c4079b3

SHA512
6c81837055418331e826cb7892f159d35736f76cdc73606ca274375de567972d87db75f8b0ad5686b40ad750f53e084cbd01c27205286dde0457efa2ff80832b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
bdac73f8002edb00de68fc26f25bc4c2

SHA1
848e650e858f82d0033c6dde1e87cbfd1b8658f3

SHA256
3b21306d50ac889f8fe38885a7b12cc5e55950f30894f3e1af86f6328dd6663f

SHA512
3e776c002a1d3650b2184759ce09a18fad711702da5aeee88154a0c82a6ec6e0bdf42d1ebbdc152851d973e7030221567690f9588f85136d0eaa5073e9016479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
70c08c61df8d80052e4c2fb47f9b15eb

SHA1
a742b351ece146b56af598de72721526252c7a2b

SHA256
32bbb15ded0714e969a25ec2f04d8e2bf5f319d2af4a918a4c72af9cbf92ecd2

SHA512
9d7fcd6859078311ebc82693652dd42eb4e68dfe5ccd3ac4a8008735cd8a5165cfdabd985a8a17a8e707ca3d77c596daa12c5551c069bfddc1dcbdcbcfcf2db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
10dcba753b17106dfc06a86fa8d0db4c

SHA1
72ddd8d2fbee2c0b4b71992f75a1a59d1fc64ed5

SHA256
afbe8973ab91bbec3e35f0e92eff178e1a1aa4427b17c9202477649a5dee7037

SHA512
6dcc78b6fd3479bb1ca309e5359079f76e74cf2bc7c3b6f8c4f85358f5b15e0136a80b26d7abfeb5c7e49f624403cf189ad47f589e755a9da088fb0294abbd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
f6ac8510ae0ec23ae030e26b5c73b677

SHA1
606b3a088488745ae10eb3958ef30cefacc5bea3

SHA256
76bb7605288d190ef5bc82d570109a201241227f55b30c8539cbc9c6b2264d85

SHA512
ade3ba8127e61392c5e65092284bcd4f66aa6e95445e77dcaf646bef851250de7234ef62306704d7500616c763a8df4faf444e1b9a4b349177d98ca33ebb8cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57effd.TMP

Filesize
85KB

MD5
46d972dbcf36f12719e29bc634e464b9

SHA1
b355c6f5002e074ab08ee42a88e5eae63d88b0e1

SHA256
f53cd512284f93ac268e6fd55c6cbb70f2d5642f0522ea4081bdde64bcd6252e

SHA512
e87414c8747334d63cd196657a5f6833b220474c01a05ef4a77e91067c0a64d3374401a9a3cc9e78cac627d6169e15a184595d29f244a4c1e78ecb1146438559

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit