hxxp://49d279lqn4k7v6o1b5[.]miwgh[.]co[.]in

Analysis

max time kernel
600s
max time network
486s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://49d279lqn4k7v6o1b5.miwgh.co.in

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637853281187790"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4888	msedge.exe
4888	msedge.exe
2444	msedge.exe
2444	msedge.exe
396	identity_helper.exe
396	identity_helper.exe
5012	chrome.exe
5012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
2444	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe
Token: SeShutdownPrivilege	5012	chrome.exe
Token: SeCreatePagefilePrivilege	5012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
5012	chrome.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 372	2444	msedge.exe	81
PID 2444 wrote to memory of 372	2444	msedge.exe	81
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 2740	2444	msedge.exe	82
PID 2444 wrote to memory of 4888	2444	msedge.exe	83
PID 2444 wrote to memory of 4888	2444	msedge.exe	83
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84
PID 2444 wrote to memory of 4220	2444	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://49d279lqn4k7v6o1b5.miwgh.co.in
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,3272679567150472155,15029160049570611824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc090aab58,0x7ffc090aab68,0x7ffc090aab78
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2292 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4564 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4932 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4332 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1908,i,3536652817140247166,10022703881866850823,131072 /prefetch:1
  2⤵
  PID:5288

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0a02f291-2ec4-4a3f-9a30-b85f9c822563.tmp

Filesize
257KB

MD5
77181f7c8e6cde29d19a9cae7cb7b03c

SHA1
f1ff725dd39243c83c51cb844623e4105b197db7

SHA256
b63d9c1f045087e7e114a3e74ae2530fe8161c59552e4b76d372dad04733cbc0

SHA512
772091a0900275bbeab53ede8aa1ce2469858691b672a539421fc3f0be8c8cc2ce86c6eac0a9df58b93a53c72dbe5ab700113cee113874cb9ddc67704402453d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
682d355de883636a39567930ae517f3a

SHA1
357c45495458c0068459d8bcd364f296b943ca19

SHA256
0caa56847d4f5db08952148e03e175b5883f6f673cfe7844c4ad30cfd01b7ffd

SHA512
0bc0c68cd351d870115c71283dbf262c72fe77b1a30c5aaab72b41528c51dcf9a5760a0393862a7d29e74a9097d9aee160a06d45e6aa3885a5f808c33ec98e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e1ae4fc595164303af494f5449163f5

SHA1
39552ccc8c49acc3c02124b6fe238c455221b130

SHA256
a82aeab6647b1d44319a64feb79c6e9b42cd0153c46812cacbc95797f59a0834

SHA512
8f97d2e3741978b3204409766fea505a25ad407a6b568981ee56aefa6bfd56af6ca703c759ac0c041189d32cf09dd8ed353e1ae1660fe2bbe2c686b5d5b53aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0c76c77afcf08fecf998e2856d4b5c3b

SHA1
6016089c8924db350c3ab488a7313365bf95fee2

SHA256
d26848a1fce7a000ee596125f8a39859027a6f2cd25dc3a606b242668c00839c

SHA512
eb5741a598c75ebe3dd84cbea3b4f5ce76949bb8a5474c809a699af9927ec9ef1734c8b3e5b8cf010984b4af17b5d222f4b687b3797f535656a1d2aaf5db982a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a8bc0a7cefce88e646bc0cb3e968126c

SHA1
7d0df8a10ee82d957b18d6602109126bd2dc290e

SHA256
f0c0b3571095b2168d51d41f940fd1e300f08ec3370a0403552cd2d3473ad01e

SHA512
9c47bc8ee057f0d1df5a28c0ac5f888f929f187148519ced69facd8abb26b5678f7ef2e76b82081d5676f53c80eaa6f107550e638a0e15e8b3556a5d867ef547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5a5191a13e644201d0a357bd51ac756d

SHA1
4ccafe38dc9fcabe4846f3dbb3984c7c248ca8fa

SHA256
eb692122925e6346ff08442ed7f43bd26793a7f6fca12c8a0eeda666945c967c

SHA512
ec43ef30de60e90a9e3c8685a88dd783e98768c39483ac2def5361a72475979db0921c7c8a057574fc65922827951a9d6c51cc70f38f55ee479f4d0bc14144f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
220c6df9ea9b32c0ea53bfc0c9c1d2ba

SHA1
ebb4e4deab9c845ed6ce1b77674e18ce0945b2ea

SHA256
dbab69551a96bd587114148698a134a8f2dfbe3b7717710eaf7e966f0046c324

SHA512
eec3babdbe51ab9fbfe816e0acb0b6e3724ce875ac30b7cc44e2d15c2daa1ccf0afcca267f2083e731a5557fe9792f8d79fe601ebc3953baa571d595c05e6902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ddc41f14318775c6fcd6162347716a01

SHA1
86d05e6a86706bd57bbd1a357586183a0415414c

SHA256
5c93310d52fd192fe0889795f82ce114ee046813a3885b865a724cae949d6151

SHA512
478900591732339f1edd3772805d63567f1a49367fb6db00e70ff9ec4e13f7c6ee29d1307f85a6d99becc20803309e17fafaf14ae3c0b97722146e753f353a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73fea6defa8b9c93e5d372e0adb864cd

SHA1
e32dcf2daf18591675dec05f20eafa419c3ffc57

SHA256
5d2d69641a93c0cd827d98a9e934dfba91569e79c52018b1f48c3794f6e1f52a

SHA512
590dfbe02fa18310ea79d2818aaa036370cbd9a9a9fb269e58dfe0c132e012784e1da5c58e9ec093e7267926f374172c482173f6a944183354f240d87eb3a000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
220dfad8186cccb000355ff2fb5c0667

SHA1
3cf0217a8dcc7a7392610fe627a756077c61c463

SHA256
2249bf2717ff6ee1aabb686806ef92e5da26823e5c060aed3cdc23330931c7cb

SHA512
2db3b109889693d5d69c197457ea024eb5f0e391cefcc34d47842037a771bdf29d311e5c26a5e3c8308c572bf07dab832037d4e1751d78e22bce4a6315e8d302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6597b59f341ae291be920351107d9811

SHA1
cb20dec5343953defbe821d826a8f0b205686026

SHA256
df49cc7e4a6dcbc4eaa377c86d5e4b930662f66ad989de2711280297cefae34f

SHA512
367773473303fafdb6b156ffd8d016d435ccf34f4729412c389e7c322feddd554804320537f6806dd93a4092eef50776abe62bf34a1f9699b0bc08f877c6d72a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
98097093573c96106edaa6e82cf347b9

SHA1
78bbaf169bfaf9c57a4a4d9e9f8ac6623b0fdd2c

SHA256
1aa92818425fd86c84dcc599b6d7eb915713712f8ab3593225f1ccacc3dc804e

SHA512
fe913b440ce4a03467794bef22dad54ed289e4bce8e801935d152570053c23bff2f71c20a26a13945f432d4a20cfa45fe55a55f59c0d4661d0209dc1d43d777f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
088500ad5cce9334784f0036fb5af2c6

SHA1
1c77b6a0121149250893c13e376302718df9dc75

SHA256
04ec0d9f56b25e97e2d22be58b7d4203794511a1ff44ec6cc9ff5af09776d8f1

SHA512
bf762b4a358873352ba33dda9821ff8a1c0a014371899f0f0e878634e0f55123b07478938336da1e0d5f7c6aca6203bc0d80e4372e75f4749bf060641831ffc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
38c70f4f90ef6342c00172ac808e0c01

SHA1
7b52a2605df862812cca262cbf0e00e892dfb2cd

SHA256
400f25f0a4a609eb1eda6e9d6b6e66f58b7faea550c1a0bc9ead563beaa6a438

SHA512
b12567386268126ff50d54c6076e574426f8f3032b75f293c5a49931fea8551ba7f3ebb324a3e6d876e5604db8f41e8f1c465bc9c2d8b04622f0234b22af58a8

Download Submit