hxxps://cm[.]naukrigulf[.]com/?redirect=https%3A%2F%2Fwww[.]naukrigulf[.]com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhxxp://kituipress[.]co[.]ke/red/?=t[.]scharf@walthall[.]com

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2023, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttp://kituipress.co.ke/red/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133293730995078417"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4792	chrome.exe
4792	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe
Token: SeShutdownPrivilege	4600	chrome.exe
Token: SeCreatePagefilePrivilege	4600	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe
4600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 3108	4600	chrome.exe	84
PID 4600 wrote to memory of 3108	4600	chrome.exe	84
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 2416	4600	chrome.exe	86
PID 4600 wrote to memory of 3976	4600	chrome.exe	87
PID 4600 wrote to memory of 3976	4600	chrome.exe	87
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88
PID 4600 wrote to memory of 4248	4600	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cm.naukrigulf.com/?redirect=https%3A%2F%2Fwww.naukrigulf.com%2Fnglogin%2Fuser%2FmailerLogin%3Fconmailer%3D9970f1174238463b4751e4444bb95821%257C~%257CZ2VyYXJkYm9pc21hcnRpbkBiaWdwb25kLmNvbQ%253D%253D%257C%252A%252A%252A%252A%257C1%257C~~%257C20230509%26rUrl%3Dhttp://kituipress.co.ke/red/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa25bc9758,0x7ffa25bc9768,0x7ffa25bc9778
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3380 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4880 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5200 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5332 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5216 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1668 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1660 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3408 --field-trial-handle=1812,i,17919220167565653344,14354387172808823624,131072 /prefetch:1
  2⤵
  PID:1240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4476

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
957B

MD5
95653c1213596a2276cde76987aae5ab

SHA1
50789390ea5f10485c0610f80b04f473a3f314a8

SHA256
7f98695708cf10be3a0f7890b5e02f54b4a53d3f0f93eeff017831c531e13744

SHA512
08bc1dc6dbe14c77e6fef7c3ee983432e773d44e75375d5e10b6ef2c965a32f285b2e8c9a0f1cba9c336fa7d8eb34919d12e67969774a17141e71c564979c305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
cbdc0dc123c0264be0170bb3b41db257

SHA1
3515e649e9643a6009da80ce1d9a72707c9717c8

SHA256
5ec09448000c79218d439c914d8e32874f6bd1eb446185c6bf8677cd104bede9

SHA512
ec9ea5dcc83d6dc4f27b8a3a4282134264f8ff1599ba2022470abaaec06e9020ae2512927686de1162063d5b189693a43571afa6f5e63525c98605f704e93a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb5ba0526083bd990a986e46432a178c

SHA1
42604360969cd2d66ef45d29509565141a0faeb8

SHA256
2a265481b66e50cda5a1c86784b2b1541ae964b1f34783e19884b745f323d06d

SHA512
d0327157a3f72be71a4551d5f8e528fa6abaccdeb496b2c438b0bad034d628b3591e579ed0f9c5b697c6b8ff1ff23a3a1ee0dd060a968efa7c3468b8c1fdf3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a07abb16771f099474929bcd2f1889d6

SHA1
80554e6b18111604b6ae5771e09ea6e628c481d3

SHA256
84ff757e29ad9175674cbab59517483a8105ceb4b584d1fd3ddda8dfd2fe9f39

SHA512
ba38b93aef3d1fc34645f0d946fc78d9dbf388d55b077257d29e8a45f41393d78db3ee9272f286a8957165f7c1594d1ebf7cd1c4bcdfe8053dd32e7a287cf23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b932ef9d-f7e0-4495-92e5-456c39683b20.tmp

Filesize
6KB

MD5
ec8cb9e74bc345f3dad9195d4eeebb98

SHA1
eb94e0ca841249bf270dafdb3e295fcef742b097

SHA256
f628a1f64f8e48a0b972703fef862d7cd2f530f41777e86fc45f571ab298bfbc

SHA512
a6ffe5924af4dce2a1f4b177d52ed85a1f116b8a87a660d3a458cafb86dd9d8306cc1f94a1b6bf2f907c92953ee2e49b215e6e1109104d74935923d1a9bd5c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
9dcddee37102737323141fe7bfa20f59

SHA1
d8228d913dbdba2349a757c2f8972f0ac37a3aba

SHA256
fe8846687c63ab442358ac2302b3c79df5720b2cc5b22150187105738504c580

SHA512
0036e71a7b45831f626a22a56e4907666e4137ee4e26aecb69bd96b3fda8a03786e649cdfa24b270d56517aa97472756a1846c6acc9a9ad1d53868174f17b9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit