Analysis

  • max time kernel
    574s
  • max time network
    574s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-06-2024 06:46

General

  • Target

    MEMZ.exe

  • Size

    16KB

  • MD5

    1d5ad9c8d3fee874d0feb8bfac220a11

  • SHA1

    ca6d3f7e6c784155f664a9179ca64e4034df9595

  • SHA256

    3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

  • SHA512

    c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

  • SSDEEP

    192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 42 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2784
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3108
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2816
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3464
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3936
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
      2⤵
      • Checks computer location settings
      • Writes to the Master Boot Record (MBR)
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1140
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:4072
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe"
          3⤵
            PID:1340
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
            3⤵
              PID:1708
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe"
              3⤵
                PID:2112
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
                3⤵
                  PID:1200
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
                  3⤵
                    PID:2292
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
                    3⤵
                      PID:4520
                    • C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
                      3⤵
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:1812
                      • C:\Windows\splwow64.exe
                        C:\Windows\splwow64.exe 12288
                        4⤵
                          PID:2408
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
                        3⤵
                          PID:2688
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
                          3⤵
                            PID:1004
                          • C:\Windows\SysWOW64\regedit.exe
                            "C:\Windows\System32\regedit.exe"
                            3⤵
                            • Runs regedit.exe
                            • Suspicious behavior: GetForegroundWindowSpam
                            PID:3768
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
                            3⤵
                              PID:4256
                            • C:\Windows\SysWOW64\calc.exe
                              "C:\Windows\System32\calc.exe"
                              3⤵
                              • Modifies registry class
                              PID:4440
                            • C:\Windows\SysWOW64\notepad.exe
                              "C:\Windows\System32\notepad.exe"
                              3⤵
                                PID:4500
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
                                3⤵
                                  PID:2452
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
                                  3⤵
                                    PID:3800
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
                                    3⤵
                                      PID:3560
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
                                      3⤵
                                        PID:1436
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
                                        3⤵
                                          PID:3856
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
                                          3⤵
                                            PID:2336
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
                                            3⤵
                                              PID:960
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
                                              3⤵
                                                PID:640
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
                                                3⤵
                                                  PID:5340
                                                • C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                                  "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
                                                  3⤵
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5664
                                                • C:\Windows\SysWOW64\calc.exe
                                                  "C:\Windows\System32\calc.exe"
                                                  3⤵
                                                  • Modifies registry class
                                                  PID:5888
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
                                                  3⤵
                                                    PID:6120
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
                                                    3⤵
                                                      PID:5160
                                                    • C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
                                                      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
                                                      3⤵
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5852
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
                                                      3⤵
                                                        PID:6092
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
                                                        3⤵
                                                          PID:5160
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
                                                          3⤵
                                                            PID:6052
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4208,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
                                                        1⤵
                                                          PID:316
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4892,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:1
                                                          1⤵
                                                            PID:1424
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
                                                            1⤵
                                                              PID:2948
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5236,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1
                                                              1⤵
                                                                PID:2760
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5364,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8
                                                                1⤵
                                                                  PID:3548
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8
                                                                  1⤵
                                                                    PID:1004
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6020,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
                                                                    1⤵
                                                                      PID:1788
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6252,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
                                                                      1⤵
                                                                        PID:3624
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5196,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
                                                                        1⤵
                                                                          PID:4700
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5832,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
                                                                          1⤵
                                                                            PID:4024
                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                            C:\Windows\system32\AUDIODG.EXE 0x498 0x494
                                                                            1⤵
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:4640
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5240,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4696 /prefetch:1
                                                                            1⤵
                                                                              PID:2468
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6724,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:1
                                                                              1⤵
                                                                                PID:4008
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6260,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:1
                                                                                1⤵
                                                                                  PID:3460
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6484 /prefetch:1
                                                                                  1⤵
                                                                                    PID:4604
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6676,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
                                                                                    1⤵
                                                                                      PID:3216
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6968,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1
                                                                                      1⤵
                                                                                        PID:3488
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=5368,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:8
                                                                                        1⤵
                                                                                          PID:2732
                                                                                        • C:\Windows\system32\svchost.exe
                                                                                          C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                          1⤵
                                                                                            PID:1128
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=6972,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:1
                                                                                            1⤵
                                                                                              PID:1036
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6760,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1
                                                                                              1⤵
                                                                                                PID:3044
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=6448,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:1
                                                                                                1⤵
                                                                                                  PID:2208
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=6984,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:1
                                                                                                  1⤵
                                                                                                    PID:852
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=6392,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:1
                                                                                                    1⤵
                                                                                                      PID:3484
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6768,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6644 /prefetch:8
                                                                                                      1⤵
                                                                                                        PID:2144
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=5728,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:1
                                                                                                        1⤵
                                                                                                          PID:2584
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7100,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1
                                                                                                          1⤵
                                                                                                            PID:448
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=6556,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
                                                                                                            1⤵
                                                                                                              PID:4468
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=6460,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1
                                                                                                              1⤵
                                                                                                                PID:4892
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=6920,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
                                                                                                                1⤵
                                                                                                                  PID:4856
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=5500,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
                                                                                                                  1⤵
                                                                                                                  • Modifies registry class
                                                                                                                  PID:5048
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=7188,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:8
                                                                                                                  1⤵
                                                                                                                    PID:3600
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=6056,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7032 /prefetch:1
                                                                                                                    1⤵
                                                                                                                      PID:4868
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=7252,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:1
                                                                                                                      1⤵
                                                                                                                        PID:2480
                                                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                        PID:4560
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=6960,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:1
                                                                                                                        1⤵
                                                                                                                          PID:2228
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=6452,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7312 /prefetch:1
                                                                                                                          1⤵
                                                                                                                            PID:1984
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=7240,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7236 /prefetch:1
                                                                                                                            1⤵
                                                                                                                              PID:2844
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=7432,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
                                                                                                                              1⤵
                                                                                                                                PID:3056
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=7400,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
                                                                                                                                1⤵
                                                                                                                                  PID:5008
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=7660,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:1
                                                                                                                                  1⤵
                                                                                                                                    PID:736
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=4720,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7796 /prefetch:1
                                                                                                                                    1⤵
                                                                                                                                      PID:1104
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=7740,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7500 /prefetch:1
                                                                                                                                      1⤵
                                                                                                                                        PID:4520
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=7544,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:8
                                                                                                                                        1⤵
                                                                                                                                          PID:2340
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --field-trial-handle=6600,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:1
                                                                                                                                          1⤵
                                                                                                                                            PID:2232
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --field-trial-handle=8080,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
                                                                                                                                            1⤵
                                                                                                                                              PID:348
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --field-trial-handle=7856,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:1
                                                                                                                                              1⤵
                                                                                                                                                PID:3228
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --field-trial-handle=8276,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8288 /prefetch:1
                                                                                                                                                1⤵
                                                                                                                                                  PID:640
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --field-trial-handle=8400,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8232 /prefetch:1
                                                                                                                                                  1⤵
                                                                                                                                                    PID:3104
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --field-trial-handle=7964,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3128
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --field-trial-handle=8584,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7632 /prefetch:1
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3720
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --field-trial-handle=8272,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=7952 /prefetch:1
                                                                                                                                                        1⤵
                                                                                                                                                          PID:2656
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --field-trial-handle=8664,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8668 /prefetch:1
                                                                                                                                                          1⤵
                                                                                                                                                            PID:5356
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --field-trial-handle=8684,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8436 /prefetch:1
                                                                                                                                                            1⤵
                                                                                                                                                              PID:5372
                                                                                                                                                            • C:\Windows\system32\OpenWith.exe
                                                                                                                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                                                                                                                              1⤵
                                                                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                                                                              PID:5952
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --field-trial-handle=8560,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8344 /prefetch:1
                                                                                                                                                              1⤵
                                                                                                                                                                PID:6136
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --field-trial-handle=8452,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:1
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:1360
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --field-trial-handle=8480,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8788 /prefetch:1
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:5180
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --field-trial-handle=8948,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8476 /prefetch:1
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:5544
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --field-trial-handle=8352,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8544 /prefetch:1
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:6104
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --field-trial-handle=9100,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:1
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:6132
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --field-trial-handle=8384,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9260 /prefetch:1
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:4136
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --field-trial-handle=9232,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9024 /prefetch:1
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:5260
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --field-trial-handle=8964,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9104 /prefetch:1
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:6072
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --field-trial-handle=9600,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=9628 /prefetch:1
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:5588

                                                                                                                                                                                Network

                                                                                                                                                                                MITRE ATT&CK Matrix ATT&CK v13

                                                                                                                                                                                Persistence

                                                                                                                                                                                Pre-OS Boot

                                                                                                                                                                                1
                                                                                                                                                                                T1542

                                                                                                                                                                                Bootkit

                                                                                                                                                                                1
                                                                                                                                                                                T1542.003

                                                                                                                                                                                Defense Evasion

                                                                                                                                                                                Pre-OS Boot

                                                                                                                                                                                1
                                                                                                                                                                                T1542

                                                                                                                                                                                Bootkit

                                                                                                                                                                                1
                                                                                                                                                                                T1542.003

                                                                                                                                                                                Discovery

                                                                                                                                                                                Query Registry

                                                                                                                                                                                1
                                                                                                                                                                                T1012

                                                                                                                                                                                System Information Discovery

                                                                                                                                                                                2
                                                                                                                                                                                T1082

                                                                                                                                                                                Replay Monitor

                                                                                                                                                                                Loading Replay Monitor...

                                                                                                                                                                                Downloads

                                                                                                                                                                                • C:\note.txt
                                                                                                                                                                                  Filesize

                                                                                                                                                                                  218B

                                                                                                                                                                                  MD5

                                                                                                                                                                                  afa6955439b8d516721231029fb9ca1b

                                                                                                                                                                                  SHA1

                                                                                                                                                                                  087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                                                                                                                                                  SHA256

                                                                                                                                                                                  8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                                                                                                                                                  SHA512

                                                                                                                                                                                  5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf