2f8c78a248bae3767a428051948b40f78b0946f093215a69ef25cf179c62e072

Analysis

max time kernel
129s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
17/03/2023, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Saval-20541681.htm
Size

185B
MD5

e202c54b6a069be5fc3f6521bce2ab4a
SHA1

64be3f9b3c3ecab98fe1a05dab20eb8e6bd935e6
SHA256

2f8c78a248bae3767a428051948b40f78b0946f093215a69ef25cf179c62e072
SHA512

de6577648874c845ef0df8463b858500e76ac0e5c872063eb6e022c325dd4c2e46df062a0fb1bfa35f1b8ff0b794a3ccc25a031fd7622facf639cc1dcbf18fb1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133235279473012478"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
2084	chrome.exe
2084	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe
Token: SeShutdownPrivilege	1188	chrome.exe
Token: SeCreatePagefilePrivilege	1188	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe
1188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 2544	1188	chrome.exe	83
PID 1188 wrote to memory of 2544	1188	chrome.exe	83
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 1372	1188	chrome.exe	84
PID 1188 wrote to memory of 2772	1188	chrome.exe	85
PID 1188 wrote to memory of 2772	1188	chrome.exe	85
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86
PID 1188 wrote to memory of 3868	1188	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\Saval-20541681.htm
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9e639758,0x7ffb9e639768,0x7ffb9e639778
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:2
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3480 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5144 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5256 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5604 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5780 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6160 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5268 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 --field-trial-handle=1812,i,11849332804481045739,12871590048491769367,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7fd23dcdc570a0eeb19e8bd9c9359caf

SHA1
6e8714b5fb9b250ad23344df80b8cccbde0a2660

SHA256
fc3a3bcfa41aaa20cd2490fdadab45c18d0f8206aa50fa8dd4cf30fa32eb0ede

SHA512
dba8100b22acb7a88d6529d327b272afe2352dc0f8a8b5d649dd8d68145180f8b58dac7e01561f28977614d4698df3c139cd6f5738138ca6e197e6042d8f7308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
cde5a26434ff7ea08a9fee636cb54d7e

SHA1
8358be1f8ce6b4771a1fe710faea6abc854fc63b

SHA256
5ab6cd245cfeadb38d3621e3f49e4ec9b639873bbf660cd5d2388f8a6b2a553e

SHA512
5b9b145fae159e7b13dd20c2e9a99ec16f4ae5da0da66d72a15065782d9dd5b6ae50703c222fda282fe8d5a3f4585d60a28f155a1f03bf54a971eac7dcbdb88d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
664cae0c80c80227fb3f736f49e6a8a6

SHA1
1ccaf21d994d074671f2386b1ece9def45e3bd85

SHA256
ec815f979262bcb9795a3781dcacb432a28dc0cc124d0fa70ffb156fcdade305

SHA512
60ce877bfb7238c1326fb38ffa24dfa35eeab47306b20119e3ed0da4f49dbde3367da93079cf0de3b5172a6f5bbfd70676cb75fa2c81008913f25ca9cc15b7f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aaae40615093493c4e768f5fbd08a0c3

SHA1
f44b1315585fba9d2c256049914fdd7ae9edd369

SHA256
a60d9a4308da8436ecd35faf7187fedce9eb55d12950d5e479aca9d5fb2a30b2

SHA512
1ace8754e7809cb89e89f7646268775da80d09f34693916f6aadaf3dceb258fa350a8723b8c090f53698d72cbc00b673b26378cc1c24e3310148b6350a305439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
07d565940e59cdfd65d6aa73fc5174ce

SHA1
ba0011b0276b03952512f60f7ec826f607c3a392

SHA256
ed8903243d25bc4077a0a970bea0d029f9b063b3c43845438898d81a1da79f43

SHA512
d1ec327e7c2538eb93e7b45c6f79dce3bfea8ea9ab790f135a86592c93accf54937bd75b1e4c8a8c9ac9d7414a606143c5d2adfc0fbba5c604007562bd9545ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbef6d2a5b30764b17c3c15607a2768c

SHA1
dcb11f63c12911169099ad9445be1930a35ac6b7

SHA256
ce919410b5d9d36d4e889d50138381ead5c8a40d3a1193807761925662a987e4

SHA512
acf1c2c8b568221c2fbe42d26c28075e76d84de5e4033ca36c8e16c8c04ec3d09272b48892bed1934e268b0aa63f1997ed487431e15e6cf9f64cf0522fdce511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ece15e64750e533be21e9c4dca56858

SHA1
565b272f71c1849500956654e72cd14785989bea

SHA256
f8a32fb6f7bec00be99db481a86fd0c3e6b0c6db4e6047a655e697791024b11d

SHA512
31addaef33a3fab87e43f7e6e7f9e33052f25a701970af235d05c01b85e6f048fdf9c5f137e306e7ea62ad6b199e1adc3f4db24a9cb6f1ce97925f02320126e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
96cc6be3febd416078c1ea5008ef01cb

SHA1
27648375a7dbd397071c6d89fa0d06268d1db274

SHA256
1ac53793ed65ec2cfdb4c7416257f8b2787af55a54361c791fc5e9af197e3324

SHA512
2b6469fdb496c625eb2ced0e46a5d653930024e3befb9b152815b3dbd64e7ef05eb9be6c520dbf691143cebab79df8df531372432fcd1f363f0a30a12534bbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
146KB

MD5
9bb68188396a144809cc827d412e81ab

SHA1
82e234b6851a3cb3e89e268e080664e84a307824

SHA256
5cdc749ba6e28a289a0e363284b4911488d23a87c1b674381bdfecfc02e4db58

SHA512
0da85d728232452997a75453a7c61116486f33ba2b21d8acc989ad37dac895628ec700847e11f56ae4c956d857d87debcef84bbf03d3319d663a6e199a243d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
f598b4c840e724c2401e2d9d16a5f72f

SHA1
5ab53825a1dba277b5eec44f57e140a9595c0c22

SHA256
34ac853706159d3bee20be18606186b8c3ee1f628fb4ea2514fdc235211c0fe9

SHA512
e67c62eb82ee5450b5a6841ca3f311b785f29a80ea792088a4e6d1de57a048d19ddf1f1c536f2ace2fb103a009a61f130d0fb4ffceafc2e7c69562389950cefc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
7d59a8c4fb460ceb44aee7ced7816942

SHA1
62572204424bcd9e6d7e1ef28bba899d1723100e

SHA256
f61ff9527ad18b644743db5374d6793ce94e7574a54e50dcff7e5df9c9e6c0b9

SHA512
c6fa60b38e916a85dbdbcaa58b80c7e4f0735dd8a8cfbf0273206a3318fe1e5a3a7c1b4fdc84ed3b8f2f0d3e42cebfa533780d389c846d3a5ef28003e428087f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
6e727869754e8d90ed40e062b48974d2

SHA1
e4ed0ed060bf5a79b16bb6414cf3d1785ce7dee4

SHA256
98d44e645d8469a5829dab16378dcd44526f32f9f31bd490058520cf3b262531

SHA512
a6d8aacdd7feec720a667e2cdf40d1d6bb4f7e59c1483cfe7d805158d2c40fc41b51fade6d3e8894abde7a421d8a3bbe9ce895c59745e9ed891678f700d4f587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
c2181d1f40840cc896adf034e40d83d4

SHA1
b6e6cb24a1339e63c1c3370cc696700fc0b8e724

SHA256
9b01648a9c1bd381fc5cb9470baff22d22056220e9b2e665607bc7a502f1b1b6

SHA512
1431efaf5192d66b1ded89ccb054d1ae45ef3b7f9e3d933e313f1c1541210e968502d8dfd72276b9ac4b979d4fe9a3e9049c42343607c7553acc26c9cd80af01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
145KB

MD5
c2f6315b032a5579a1e371b9b052673e

SHA1
fe74798127a38a9f85437cc2e64c8c39c7f23721

SHA256
5640268faa39ab436356f0e6b9f3dd2d64283f969102075939381539297d87fa

SHA512
b4204568966fec84768eeb5e4f3ea42f6439d136bb78b83d9098732f64f1a87208614d226d3cf35de471ca31b9afc66bf724a6dc9acd5f998d776840194e10f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit