hxxps://bookme[.]name/simonmed/us

Analysis

max time kernel
299s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 11:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bookme.name/simonmed/us

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601583620560992"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe
Token: SeShutdownPrivilege	1508	chrome.exe
Token: SeCreatePagefilePrivilege	1508	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe
1508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 3756	1508	chrome.exe	82
PID 1508 wrote to memory of 3756	1508	chrome.exe	82
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 860	1508	chrome.exe	84
PID 1508 wrote to memory of 4624	1508	chrome.exe	85
PID 1508 wrote to memory of 4624	1508	chrome.exe	85
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86
PID 1508 wrote to memory of 1180	1508	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bookme.name/simonmed/us
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa71deab58,0x7ffa71deab68,0x7ffa71deab78
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:2
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4552 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4640 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3988 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5284 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5296 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5452 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5832 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5872 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5924 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6088 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6092 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5452 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1156 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5748 --field-trial-handle=1924,i,2213870493639151037,12822110266850353678,131072 /prefetch:1
  2⤵
  PID:1704

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1828

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x460
1⤵
PID:960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
132291bf97b943cc6b6a533eab31832a

SHA1
5e452a23f628b351cd7bf258478353afd8e19e2b

SHA256
bde724706d310b88ad0d45147909c87880550a98311254d3e697bed7b99affc6

SHA512
79af4d382ec90e822ed775f06c91ea5455913464306ac37612b29fdf1c27fb25551a78d6d32f498cd21969ce44f0147b688daf528a0d94679819da1e3e1f4a5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
10bb422224aa5cdc6991ad68c7f04ecf

SHA1
e9107f2ad1f8c986799144506b6dbb1af9ee85fa

SHA256
96a851ede272ea759f6db45885de91cfc93c64260117d708e1229ab04dbe520f

SHA512
4bbb035be76fd8e7d3ca46baf09aa0c32fb530bda0475be7051a0c7a67afd8dad9c7959cc0728acc3d53c3936b49aff9c387d868c4faf194f2a6a8e5013e0b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
12b5d68b9458d743eb4424d57828a835

SHA1
db9e03073580d5d23d702dbc64b0eead75ef7498

SHA256
430aefa57b51d4c30a6a5c8c891a62a67c6fb1181973f5a5b7a5141f755655e0

SHA512
4057740ecd04cdd10aaa7f539d6d3d1725ce57b176d9121ac7331064836b5aaacfff746dfc6543b4fd58e2fa1e2f517525689c202b7685571a5ba053103efd1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
014eec07eb39977c868bd59c9d01db4a

SHA1
a966a8f98927bb49c7cdf19a614fb7ef68ff823f

SHA256
1fd43002ff3d55af839b6a69f1724cb2305e1d15b6dd584c878beeb8a4bf5e78

SHA512
5165d0bf3ea921acea994ae8d1878d33f5c96d0f9ebf0c6786820ba8aeaa9b44eb4d136e0dfdf6654099c393749c086c37afdc8b7fc3fb5845989f9529bfeaf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ecd3abc56f07421ae9e542940d340bf1

SHA1
c2d264b79f85685d2ba22278e38b635de3221d1d

SHA256
da9b6505f41749dd302b66b2d1651d33cff86b6ca4b208c6436711ce1cbee8b8

SHA512
9529990e990bbde64b72ec3565e79e3e600d2c5f46761e9e145816dc641ed023d86cabbaf00bb3b7f2068e92a5799f0d84b70b6acfc369f5b561d535f1b86b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
fbe766fef5cd5d72f6d68ff59ef58172

SHA1
4da1f6a1a1d9904054421c0adf7e299f88fe2d96

SHA256
20c8d2f8bab283712544a92b25009deccb870370b408c670edcd890cd6fb6cdc

SHA512
cca20a260469b1f6b1c07856376777618ab94d5caa216459dbd950d5faa900ea277de628d70d8ea7f07e5060b8b4ac0b12c9d1a157b53a72005c6cd11cc2d10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c625ebd01261d1da70a16b92fde0e6ba

SHA1
d6f28c45fe0217ebbde95d0eae1d2653cddd0baf

SHA256
9e3b5c27b82220844c473d176d96fa91aff0ab12458cc142bca02ab8587f8f14

SHA512
dedf82f5ddadbef559a25ed7087a66d9ea93f45dd19e879a6194b2aca82eea9f1c9622721e0c4761b0fa5f7582bfa639661d507d0ffc852d5cca5878d22f1550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2e739c72ccbff3348be2b3021186fcfd

SHA1
1d585f78f284280356c2bd117993e1f7dab40209

SHA256
1b36b5c029a24bba6c8ae16470abf9471f5a1b878cef89aaa234b183a0d3abed

SHA512
eb65e9417c2ef30f27c0e27cd0f6081baafbb716d858737736c416ba9d7cc763bb1a78edcc902e59d95f39b4a8c0653691653ed7ddfc56ba4153fc5837f03888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
42d707410a5d47b9a2d6facaf39bec5d

SHA1
94dc16c49e3c91c7fadc1a5ca61714149a979484

SHA256
5c0594d831990e43cca4ed4bc3f0e3bfb43a5c4db586217b957ef9eacda4a51e

SHA512
31099b45a02a6081b8f9acf328024dce2abe06a9e0ccdbbc3a664fad31ac18b7a4ae2399aae32b29346d59c9f324ea0937760666a2812fa8918d09fe332cbc6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
484f1c92437bbe7f26ead7018bc60420

SHA1
8293a3e7d36aff1fdfc3fef26f7af5ca14018e6c

SHA256
f76b364d941c53d9c4d58d7654d0d2fe4f86f62228ef384ab8562b9661ba1f5f

SHA512
1d8d8be707fb622c412be85cb686de70f973473c7eae5778c50c8129681cdcfd73b49e7621738158513fa24c9b0605e79ac9145e12f44d6c00180237b7dbb2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8deeef80f1a532e6b2548bbd7d11b179

SHA1
4106e68dfd320912b2f9636c6261c1b23f39392a

SHA256
b9e6bbb5d8c220cd4c2c29583e17571b8b657883a72dc2009be45fb279365f42

SHA512
74ff7636f533dd6df73500669efa920fc66779b6c95c80fdf6cd8bbb8d34ffeeb4c28bd53580d6c384a73c5c29e54c202347fcc80176d4584dfc9e8ebf0e8a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7a1716fb5c84893aabe5e3d8b78631ae

SHA1
ef902e675f767744c41ba0b97a42a6d3a64fa289

SHA256
0d2e534894c74a6a008d1c187950c107e06d44b700ee37b49d339719e56ff4f1

SHA512
cf63b685ba15b4c3cc0dfb1346b2e2146edac7ad9614027bfe70cf17fa7006a906ecb902212626f96a4dc1a154daca5e14732bbc9b10c3518b1e5e8d346900c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5bd642b429735138c0466b29f9906cb0

SHA1
9e616b3d86c20c46d72e04d969ca6fbc1c99cc0e

SHA256
364be00fa43281747418e54faad341f9e2b53e0d16ccda480d2dbc093d3db74a

SHA512
bb776e9aee66b60a0e29b80f4d7abae0d3dae19796384255d51b70e7e9265c1c85bbfb2be8a2953e10f3ba2ff6349ac22dcff4fd8ad418431ea220c087f9ef83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
00f5e543a54a959feba4a057c85db94c

SHA1
9c14da792510eea7b6b65960c0f4740024e1e9cb

SHA256
87c1d50169e2f837afcec79788e4e8581aa24c9ed7dba606739eec3f270fd1cb

SHA512
d8d4f954c4d0af18164dc6bb845a5e3dd387ce9a8a65d6824b09e13006e38f98725656a06447cf76b29a027b394f2f6a40d5abd54e63c98aa5511e5dac3aae4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3d741ebe4d2cb4cc7d3ee6cdea3eb0d

SHA1
e9c04d98aa10acbe4b65ccff808a1572de2523ea

SHA256
76cb07c6a1890faedc403017c15aab0ba3a63f2e2957bd0a85817489771b8feb

SHA512
22558105d70332ac0aa153e8253a0139b1469ce83070794312c88ca7002311f2c159e9d372ea5839b79ecd810224c9bad084d8e1d17ffbb630d8a91576206d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
6e722967f7a393ee7ba1e6af2bb0e4e1

SHA1
671f2e1c981a5c25300df95db645e7a5a1709a8f

SHA256
9db39f58166d615481eb541a00726f80a1d2482cdfe4b046252c73d9a02f6d7a

SHA512
0f9f917355ed8dd3331df54fc84581fe97f295e192696f57a32b0c7056c64a5b21800d00fc1f6a25a2d827cb8b4e6bf6257e1648d16b6030062288eea6292ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
0a6b7ef18b1199b7975f8e4146e22948

SHA1
b2bdcce330faf75ba477164b9330b6e6da016f14

SHA256
e7b8f5f94a4cf6348630d8b50b0957e2c6de511950a0d38cbcbae4f3bffc7a8b

SHA512
c58a52f9a08903a9f09132f347eacfcc2118a66f1cdd2b13b514a9578851b96d2f9046f46ef252e5507c20f93687364bac062e607c6ad001d6e1519031fffa12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
9a4a816704158b1f4a6cd2d2eec9e248

SHA1
09ad316b41c1b0dcf1c237464fee2506d38fc6a4

SHA256
d451bc359a2a6dcf737258d56453e3211194d2a28f1dcc65ea21de9ebc34999e

SHA512
df3210976ecd29f3ca6a82dcd30ebf4fa8dc2752606f9f37c09f58345c2b2573907dbe7a56a41de8945c8ea37c9de3611fd1194d74a43b463c37a023eefa65ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
be04dafe132cf9d7198a41e1a2efc937

SHA1
5d4231972c34ff08e8515f25dd34804467164bc4

SHA256
d04fcdd0d0759fa1b697e430daa16a0ef2037f6b676f9a64a8325f8f1d7d1b90

SHA512
3b0d8149029e9fd377d57cfef44f66a54f92cbd229088ee167416491532172195cd93da475a40ed82904d53393e62b715166f1bc124c591842ad8d28aac8b616

Download Submit