f9a0ccf6ce32e086e1f08c9e1fdb53830f711134e62e71a8606529ca9b99f9b0

Resubmissions

29/04/2024, 10:58

240429-m2sxxshd2w 5

29/04/2024, 10:55

240429-m1lr8agh75 5

Analysis

max time kernel
299s
max time network
299s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29/04/2024, 10:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Hix Temp.exe
Size

2.1MB
MD5

0a5db55dfb53be66f6c3501593f4bfd2
SHA1

cd90552d723fbb95971496c659cb4174cf2d5ff4
SHA256

f9a0ccf6ce32e086e1f08c9e1fdb53830f711134e62e71a8606529ca9b99f9b0
SHA512

dbb862fbd8e823d92de6fd321940a98dcc1046bfad26afbc84bd75259ffd5c0fe9738807d01a213fe353c484e17877f96fe0403dca6eb15c1e2c9d6a483f7391
SSDEEP

49152:Bj/Z5fc18K8QbbnVoyu2IFVNnVMRH9MYEE:xZGBG2MDncdMY

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588619186595189"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2976	chrome.exe
2976	chrome.exe
2976	chrome.exe
2976	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe
Token: SeShutdownPrivilege	2320	chrome.exe
Token: SeCreatePagefilePrivilege	2320	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe
2320	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1552	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2360	2320	chrome.exe	83
PID 2320 wrote to memory of 2360	2320	chrome.exe	83
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 3000	2320	chrome.exe	84
PID 2320 wrote to memory of 4500	2320	chrome.exe	85
PID 2320 wrote to memory of 4500	2320	chrome.exe	85
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86
PID 2320 wrote to memory of 4120	2320	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\Hix Temp.exe
"C:\Users\Admin\AppData\Local\Temp\Hix Temp.exe"
1⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa13bccc40,0x7ffa13bccc4c,0x7ffa13bccc58
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2220 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4668,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4896,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2860 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4332,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3408,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=2820,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1164,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4704,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4740,i,14948250400518103694,4380640248166379182,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:5020

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2800

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa13bccc40,0x7ffa13bccc4c,0x7ffa13bccc58
  2⤵
  PID:1676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7b6f9c95ed0972c9e3a1047c3d9a6332

SHA1
674a85740c406f6ebe890257d51220fd72db98e7

SHA256
cb4e0d593c12188340105875af3a8140549f24b3ebcb95976b536311f560ab4d

SHA512
4b2f9413ce572991c7efb65130b2100fb54156b6f7f64a90a40d7873fa8e1d9e336f094560968438c687b6385240e665ceaf5ed10cc717f42bead0bd37ed57c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4b2781bd700b39dbbcbb9ff8142d3445

SHA1
66d146521757d85e92f3989caaf36fc2fb84e47d

SHA256
d495d92055aafc8b02f015098d3667c0d4711bc6b5be8af5de7ed81ff722182c

SHA512
d2361786dbd1abdb23579bd2c6d20f8c8cb09d46cc36e3e1123795b720cfaf98aa389c19ad2c0f544072b171c72ffde33c0397122411ad6062a95140b2b345fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98cd63f799b5372fbcff3d72ebb9d197

SHA1
45ac0a811577e1c4608604a684162eb7694400dc

SHA256
c564ad5a6a095c3f6d929d80868896cca87f4212ffb2257dfc4bd7fb424bf479

SHA512
d3e819193d56792f7b50639066ba1368024c18cb3eb5fa6d20508b10115983daf74ee5604cbe299e157ec48f45d1b8e906b1ba06c9dae45016f49e054c080bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
78374201845d2f57a419506029827fab

SHA1
bdbc935f62ed0025ceab4ee66f4cd36102809218

SHA256
862d8eb7191ac0cc0fb3aaa13fa4e407344c34ad042a4b2c5a17cf0fb7d72899

SHA512
074412e172f3bdd853664731c7441f001497b76605d29fb0f6c17e9b79d76db654015b4e8ec30651be328ae503eb1d56f86b921e958171710a5bc377d0a7989f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45b97353dda063efec112f71a07d130e

SHA1
547ec847410c5686d39d286c707ab704a5e84154

SHA256
b026135c3c26800a800ba0f937f9b6d7c1baed0e419029e11c4c16240d603a60

SHA512
89b240212bf8b0fc428c75e7da772a8a91d9c35c2e62b4404b6de93231036b0f351e98fe496776f2cbf03d7c8840f10a220477bce725b66effba0e78aa98268c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b5271a812baf56df7ad52bbb763c16f

SHA1
d34736058ecb97b09f1383b84f9635c007a6a2d2

SHA256
e444d2b7dd3eec61948c830671115ea4bdc4d0f062ae742d11e5c0e7cab7c52f

SHA512
87b52ac3e0075f6a1a91a26c84f1646e874246252d93dc170c27628e59bbc37292fda85e68746f336c3585e3320040597c9ce6675042e53effa19429aaf55051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
67a35fce1614c685714ed716ea6aa89a

SHA1
7d0792244ec5474910f5e464de931967004ab315

SHA256
24905c96b2ded770dd3ef856f6b5a34b2ba8b361286f00cc07f978f29a21fb31

SHA512
e3f6752c51347a73f984eee438c8a58a6173a146ce70053a11a2e8235eaf8c2bfc49fcfde2a2bc227c126180ebc23af17744360d1f83a42691c3c2670fa680a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ea31e83b1c300844fde65d4421700a3

SHA1
20b1f0c66a371f553017dc6d344d3cbafdd8dcbc

SHA256
a6668039cf916cc20f382889d93c4fbb7465148ff652034bbcba166fd2040b1e

SHA512
12cc658353b1e33846f7a54896780b58cd1d4abf137c5ace058c344f5f173fde18fe32449544122dddb1ff38eafae31a005cc624ae77ea9471557f0762acded5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6408f681476369d7727e7c5d8539fecc

SHA1
87d02155ef599fe503f40df0f63b3a8709ed0a15

SHA256
15912b930be2468502b4933230e5b7edd9664d0a3bb5add0140ebb4b360a4aae

SHA512
6adb61864d30882752b1f972d7cf286433b5e99fa6485d7ac9fd078440059c3a932dde7e0355d9d611a969b0b26125451edae7c2800aa267439c179b9687efed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84216866f283766fb5655af7bea3532f

SHA1
1894231d9713a2a27f14375a86839b607c8bf12f

SHA256
ffc81294a0cd38f93e06d2d2d313064f974e7f637bb4bbf3b79275df4f8c74e3

SHA512
1756d0e6dd30ae37e60b6258d1f8c331c07391aed4a319a7bc4ba01046702faeaef45365c27c10fa69b88804a9d6f87765f09b47c2582fdf9c0a042802fa86da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3e04291f40f797400ceafe18ac003ed

SHA1
c446e8192af0f3b4a8b75002d42ca389d96733f1

SHA256
c1657cb253beec9042185ed544338eb17869fa96a472de67b19c3c3f1174359c

SHA512
0ab93745a887f807bf3d0653b45d132c055074c8037a9854215466f807b85b0881549bd6a413fad7bddf06f0ec3cc68bdc00ad2e447d377f72b775ea33ff8ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec06eaf98872400035d2dad0aac7059b

SHA1
18ed4a77c00b2ff44b84152cbc6769addb871244

SHA256
ce447d2808274863e698a0e418de14f649ed69e3506582e33cc736d01f8f89de

SHA512
f367f85fb44cd524e222635a413a6aae4a3a4cb039497f1c2433505629eec1919ce84a589a74d57893586a4ec9a2f1ca5c8f161f9b9829a56cf125c8cf5967ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
82696673adee41c5efaed2e069b737ca

SHA1
6f2f167eb01464a2e60e8b238e359b2d6a778bef

SHA256
7b3d1fa7587e585c59417449ab7a476015432229ba1e3508505e3a6b8c3e1c5b

SHA512
4d821cf7962156b01b340b3b8709aa7aa0099f792cd7f9fcbaa2538c595e6a728ecdbe5862429d79e95d8a5a601a4c04082da4c2c3e613a18b4cf5f9357c8f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
303808c07450f1c12b7ff1d251a9f88a

SHA1
972aa3a7c5e125c4f4ddee0d1d75557531235e47

SHA256
9ed0ffa84bb44cab16b111a9af0d6cec516e00adf408dc555f2cfb40c39cc1e2

SHA512
75deb820fdc9659f5fef330c3955812cd7662d0ea462f4e59e251a4c21395a3f4f49dd497e14f5ffd0f92b034f4fc41d409d9628867c78cd58c4b7ad418d5575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b84d2c8b-d03f-40fd-bdf9-65422e6e8ba0.tmp

Filesize
9KB

MD5
d7cfb3cfc916ec69570f89e6aebcecad

SHA1
0cff06952b24d446b92723bd8a442f553997a4d5

SHA256
9e6bad17a1b3ba973951122aa161b6ff649c022cb19ad45ce6995921608f3b6f

SHA512
a1a96547d812ccc674133c775a324e6a9913b3ff996d24267d26057f2f7bdcaf3324767f97cc6197a6831e2e284e4374ae5fb91b755a79177190595775548aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
1cc4eaea92e24dadea26b951c22cfa3c

SHA1
3156fdeb809d5be44ca254350dbb0521c014648f

SHA256
7a49b49d590559226a279b218799ea76b95e42390d8862658c972bd9458ffd34

SHA512
033af6a73cf05443d9ca16591566ff08497e997b35706a236f63e02de79ad298d9070a148e46d89f64633b681fd95804914ff5085b7b03d3ff36d41bb17d8f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
53d72ec315f5c8d3e31529c58693ef55

SHA1
9f52da2f86771cb6a1fc91a37af32c038d980424

SHA256
ce1c81f510e2bbe663dd87132c51ff0bda63cb98d4be4f766208a8a54cbe350d

SHA512
1281b99117a202afdd1716cf4da9f6046da5008a346fcacae5513d0d819277da9de6c379ae73ec06726fa5ed45d31f7aa61abfc3562053d2b3bde5015ddd2908

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
709ea4f194033ad11003db4cb2ba4f2f

SHA1
dcabb3b0fde498d8ce59476fdd284ce1320f6e21

SHA256
162e7656185aaa1fcf8f8f672568627d5e0662f1c761a4be69bdd64dde3a1199

SHA512
ff097d22d949af91887d66b077966d1af5940e6948ca27dc1583d5252c1d7554c55552b4362d0ae76782a9b30ea885d7fd79c8bbbd8e386daabf5b628059761c

Download Submit