242e00bd3c6e3b07aa7702211703d64d1585138230b79d1738ab9dd6b9874c02

Analysis

max time kernel
40s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 17:30

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

WalkSimulator-v2.0.1 (1).dll
Size

132KB
MD5

74fe27dd14f7785a6d79ee6166b488fd
SHA1

5ed21c4c1e6a0bd69406e6d3612857deb9af35ea
SHA256

242e00bd3c6e3b07aa7702211703d64d1585138230b79d1738ab9dd6b9874c02
SHA512

c722f41f6f722b2865fecc458589c7e2037e9e22c2c40b1d77245449965f504743f2ea4a5578656aaad33fc5d3fe9e04e979f027ffe3e7a9dc40801baa1e7b0d
SSDEEP

3072:IfdZ4oFshNV8jM0R5WScidv0UZ4te9DoaC:0rSV8j/GScQsk4te9Do

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe
Token: SeShutdownPrivilege	2624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe
2624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2160	2624	chrome.exe	29
PID 2624 wrote to memory of 2160	2624	chrome.exe	29
PID 2624 wrote to memory of 2160	2624	chrome.exe	29
PID 2560 wrote to memory of 2644	2560	chrome.exe	31
PID 2560 wrote to memory of 2644	2560	chrome.exe	31
PID 2560 wrote to memory of 2644	2560	chrome.exe	31
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2416	2624	chrome.exe	33
PID 2624 wrote to memory of 2776	2624	chrome.exe	35
PID 2624 wrote to memory of 2776	2624	chrome.exe	35
PID 2624 wrote to memory of 2776	2624	chrome.exe	35
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38
PID 2560 wrote to memory of 1576	2560	chrome.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WalkSimulator-v2.0.1 (1).dll",#1
1⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ce9758,0x7fef6ce9768,0x7fef6ce9778
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1220 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=984 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:2
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3312 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3828 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3800 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=744 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3436 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2408 --field-trial-handle=1308,i,666700823987228864,7921173337790261093,131072 /prefetch:8
  2⤵
  PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ce9758,0x7fef6ce9768,0x7fef6ce9778
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 --field-trial-handle=1440,i,6697238010881970633,8686337659369151352,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1440,i,6697238010881970633,8686337659369151352,131072 /prefetch:2
  2⤵
  PID:1576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ce9758,0x7fef6ce9768,0x7fef6ce9778
  2⤵
  PID:2348

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2680

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1528

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1736ac0190cb9b7b9fd40d1c09d851c9

SHA1
d068076a9e56e87b93598315d69b27340fd5729a

SHA256
68a788eb721331191f7196b7bb0a9b458c2e45ad9cfa7a1f30e0d6b279f64cba

SHA512
ab8bca4ac6892377d835469dbf3a4cbed11e8e426821b6c88de8a61b3aeaa6d762db03d3f0b32bc2b895d7c97b3feb328167bf2503d6ef85c4fd93f5daa01703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\64bfc18f-fe7f-4265-bf77-173249e849a7.tmp

Filesize
4KB

MD5
bb590adb92ab06db8d6e91ccae491a52

SHA1
80fb0f6cdce01d38668afc3c5a0c8c0e5afd780e

SHA256
800402ea9167322438115cb23a50ce5d275fc2ac1ec756eb18cdaff2184351d1

SHA512
6d86d3e0736488dcb09da7f29a762125710b02b31433c8660c24790116818ce8661e0f8043ec98e7138d38a8e43ef1a48e49924c60d33a636aaf6adbfd7b0928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
72a9b8d39778526404a3f991ae36b9b9

SHA1
ef037b2717e846526de7201926b25b346f585cf3

SHA256
5ba6975537a4cf03b0a56f7454a7f12d6986ac66489db90048f84b08a95ef805

SHA512
5b2927a419250396381e0fc825a2c14b43498e835b386bbfbf709cf577479a0d53bc7651b539e4a38f4a7da6d96a162fa00b6c7c3fadfb43a3d78cc775807eb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4ee1bc85a9cd5081213f258fb9596bc3

SHA1
5a5c7abf07a85525d4752440d93699209c6c9bb5

SHA256
afce4e86a8b1a1b5344dfb3f5d362a7320e73969e2cf5ad45dd0644ca7b43feb

SHA512
d72306a68bea0c8e515913d38270119c703c2a17faa0f8ea84522d237117ce85ef94e423992dcb1888c53013d53fde1d3e57b9d414d9b7acaa826fa223072af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1193e04541cb1309e06fff360854e5ab

SHA1
42cae110fcdd29c59f341f5d183ea51853b1cb22

SHA256
62ba71a49f838f26dbe961cf78a38122a426d050c52f457ad67fb5f3bb1eb6a0

SHA512
ee53732d1c0c9edb80484a8dbb78520c0b5689d2122ca7f4af3f5e3026a337df397ecf71132fe2bd33292d43ee27b23b8a3522bcefcf8478a431bac69d1f116b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
845b08a7ff06000bdd40fd5619888ca5

SHA1
e00fb55d4b4e7cd64eb3e5bae67067730069b4f8

SHA256
6062698f98f6cb40e3bc70428211c9a810c87c3f23b0dcc6595b41c0c6883b32

SHA512
66c0495ab349a2884390f88e08a277b28edb339c593fc4d37b98c9787e9515107f179560dc81c2dce99d080adb3fcb9173d139653d41fa31ddb2507940a4a278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
58cddc9167423a64dc8d676aa306ed57

SHA1
fda3ed3ffaad7f63728cb1f1f78d5f8322ec69ca

SHA256
77033931f156e8273867bdd0487b6de690d4a8c3413733f2f206f4f0e434cb0b

SHA512
e2742135b3dde99c707d69a4323eea7d52eee7bdbe86e4dd4171d590f214db916e7640d3e627e3ea366ce3af9294e751af7efdd12cd019de44b53a2712a5fef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b7c042396d1f8d42339d5d42b67a4644

SHA1
95b7b10a103d183c3729b942105b9d0b721b0cea

SHA256
374e0b76bc4f687ff4bc5d819a036128361e37defc8ff3679bd532d3ef1b186d

SHA512
84dc6c73ed77b2188980de939a6e9b11db47b6976066b81967a463afff47eb53739b588cda970e27058169723e4552bdacdba7b73b393dbed11411343574a178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7b769a900ef578f5a2a52d8cfa6bb8f8

SHA1
2c7afa1baa245aaf651c1eb0d94391dd86a9c421

SHA256
4081323e3c3a6c33ace7ff118dd38acce64fbaeb491afa7d47a76d83eb77e053

SHA512
5c446d9cbb43619ab2889600d9d9a1468337cc8f2baf4f61da6c84ea6aa67fb77728fb49bc78583942a85ddaca4f206b428ab440b81eb10067f862fb3ba601a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c6e22ac91a3d975a06b4a992f6311040

SHA1
383750f30c9589907a4a2ce17867496c3997f7a8

SHA256
9a0049d984f2b18ab63ea08665eefe37da931220ed743cae6c214f54926bc857

SHA512
be126616624dd1d04682b4d755e87863befca2ac6fe63291589482fae920df2b6665085591e8db611fe75bc108dbe9d83adb2dada0905172c637189cf0eb400b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
aa9d9be43166e4fe032c20eb60ee0f1e

SHA1
ff7ae41e5d4a990ba58130ba37bd9d36bb4a23ad

SHA256
e2af3b4c8b6e7c70eba789089fb0aecda766fad351c4e5bf4db9ae61c0dce5af

SHA512
9ba9bbd4164d17050e892eb05de96f6db3f130154ca90f4f21673ad7ff645e691bf09d4fe0de8aecf77aa1363bba79f7c5cefaba58d150c2105dac5903e20a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
787f3d63fc8f40bb5341fddba2d46386

SHA1
67e9d97ce8bba5fab4374b6cc45492afdbf1d9c5

SHA256
52aa07bba09e1dd94e07bc62f4735e662960522eafc24f7a9f42914d246a4653

SHA512
355083eae8da6354bf8a483a3c29eaf737f2e0b5a0364d4d098503d5dd0fc8b914c97f5d66a3a9ed44c05700f6a75bf2ffbd3b630365e0e86592b3c70d067b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
be1dc8b068d93e1eba949b92926e2b00

SHA1
bddc629973726044bf69da93e51a66d170f849c8

SHA256
c1f5b64085e3ef32753aceef51857c7e18666e1770217e018e177451b1a698e1

SHA512
b437af345369e80ae0e2e19f1d5e2d199e9fbc5da004a25102b36962b9d7c7c31ef477d1849f0f997919535046c595d244a97c13a70484fcc9b8dc0e46ad0e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
fe2b84dce2277c2f26c5ece92ea742c0

SHA1
4df0bb7da5f6477c97d234f1743a816622a86732

SHA256
1ad0d8ce7e59ef05b2b8239d8655f581cc5f84169921345656ef758398775453

SHA512
a6e6429d21f4372774d0194246bab38549e9d15d81cf938c792ff15853eca44cb443ad0286cd1597a1fc7934f5fe2e491755d39fc1fe5f80f591a4dfcf74cab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
f065eb4f392a4cc7a355e18c17d2936d

SHA1
d8522cc51669cadb6547d4ea3ac01e9f5a346ece

SHA256
127e21e97cb185746922cc4f80318c7d1a08cb73137eeadacd606b84934367b2

SHA512
10ca79385bfb342464639302111efa3b607cd7782ba3006e06e10d25595e1a88d74c0c3900c789c3231f11f84ce225a670757de2190950fbbaef96738ab523df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ae47ff3f-785f-45cd-badd-24131b0beeab.tmp

Filesize
259KB

MD5
7b17ae19e7f8bf10e487a650ae4db862

SHA1
2c7661c2fec142b8a9c741fa18dcb3881f332618

SHA256
b2b9ec349552492752d2730e05806d3cf8e5be975b920788e097bb5c5b03c688

SHA512
aed85c827b9e446f28ce182048384798f81e50ccb03a1108205d6cdf8f0bc278420f48a8bc1995cf061a5561be72b7be4f40eefcf1e27dbb77044995a39f5648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ed9b8b26-bae7-44ec-b1ab-0949edbffe99.tmp

Filesize
132KB

MD5
55d382a94d18e9a5805a524272d71aaa

SHA1
1b838067f4638bfebcf99c68a41bbc674f0d410c

SHA256
c07c3f1b24003d77cd634aed96c500973cf9d00e32d078669a41414a0f96cb4c

SHA512
511ef0b3c1155d6ea9d9a06e6fa5b7179470261870062650274421874abe913fcdb55e322ced6736dc90b43b9132eb39c0ec04100c5de2b9fdd41aaeab5d4a7a

Download Submit
memory/1044-486-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/1528-463-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download