hxxp://freehit[.]eu

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://freehit.eu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637786827413079"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{9611AD0B-182E-4687-A59C-957C3369CD09}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
6044	chrome.exe
6044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe
Token: SeShutdownPrivilege	2464	chrome.exe
Token: SeCreatePagefilePrivilege	2464	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe
2464	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 1892	2464	chrome.exe	88
PID 2464 wrote to memory of 1892	2464	chrome.exe	88
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 4436	2464	chrome.exe	89
PID 2464 wrote to memory of 2620	2464	chrome.exe	90
PID 2464 wrote to memory of 2620	2464	chrome.exe	90
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91
PID 2464 wrote to memory of 4196	2464	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://freehit.eu
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7648ab58,0x7fff7648ab68,0x7fff7648ab78
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:2
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:8
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2704 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2712 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3868 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4448 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3276 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2420 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1548 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2836 --field-trial-handle=1948,i,6477612734689092139,16581882568995169631,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3740,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=1020 /prefetch:8
1⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4760,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:1
1⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5092,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1
1⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5356,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
1⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5492,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
1⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5524,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
1⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5972,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:1
1⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5968,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
1⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6312,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:1
1⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4240,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8
1⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5284,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:1
1⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6088,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
1⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6316,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:1
1⤵
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5296,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:8
1⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6740,i,3724086843943218842,1026644135694712596,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
1⤵
- Modifies registry class
PID:5924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
2de6f5b56ceba168ae78dc6d5ce20c14

SHA1
0d9426b1f65b94716458f82ef648503e89f1dbfa

SHA256
174e08194ec8695a649bbdb3bdd127881624dd6b70a25725f3c064ad9f48419f

SHA512
22d169a5a89e20245571dcbdab95c28fa29668ea9a874709c89c6dc3db618ee30fdbb6ccc9d4f909e2a14b4b98125f8d245e4cc375387675f99dae1bffa62fa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
35df784b99964c28b4743fb7500f19a4

SHA1
69e0cb1d4f486a4c738c174e7cfc59459f991422

SHA256
94cbe948bed155c484ca77ac6b9693c8fc46b00493b198595bf3c3d5aa2db1a3

SHA512
aae4914edfcc281efbb11a4d53b33c7818c322c2188deb0191656827a9cbe07a8580780ed8f73f937385f2afae76fc9d36b32f1aa943830ec322be6f2def9ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1328ec9c42b9334ed6b1986ec9c13329

SHA1
94e4d8616b2bf8441dd2ea2f0a50668bd9caff9b

SHA256
dded124fa53f8419082ab5549cf37b913ed7f57f13c8e5aaa87b38a67b9d80a6

SHA512
53b6d8475735f1bfe121c359a10b05831beedced2ed1bcc773262f729351e95d6954ea348f829da261b17d7adcede197e1f04997bcabd29e589676a67be46570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
36e5419adfe4015c6eaa690454b86aae

SHA1
d3a4d24994f3f3de098a3dcb849c185e6ff4f074

SHA256
1215672d818bc28b32454a8ed130ee072ffbb66e0c1c8c313c74bc65e8c7709d

SHA512
f8394b6cbf047074dd5e5c1681848866a6ff2ae51d279609bbb093f6802f9f6152c0df7999c466b2c1e90c6274f64b44ba7891ff705954bb0545eef65b6ec6f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
99eae19425291fb4f10321068bda729e

SHA1
6e27803d0ec5b595f0f44436926b6cd5d897311a

SHA256
611b92f96e13bfe5a2e7ae0c06cbcd64a30840f35793034d714f9b11caa4a775

SHA512
0fa2c7ef51ffe3525b189c08dab807bc744bd1fbcae077dbf9417d36595e4ac83b9e5d3ff9cb39e41a01db2f6a39e3166533a8f3e9a85e3b1cb182101feaa60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\fd51d344-607d-4d27-b3a7-1cf847b0595a.tmp

Filesize
1KB

MD5
742c48ba76b4b26d1ed17b3c3a7bf34c

SHA1
49197d67bec34582053a30100eb54e636a4ce6ab

SHA256
0bb357d7742673990d0013181888a51ea848019c062df8627ed87729fa92757d

SHA512
8820dd10ce450aebf36c5d8e3e4fbe20a87a5d7263ba0370bc44fce3a0987b0fde7bbebcabe44201eff723c3bf3ea0a4e2a8dc387e72369eef3901c08c0cd474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e6bbd9413ed1455a830ca130cea4b2b2

SHA1
b6934f4cb027de070b85ab9c15165b59c0387f61

SHA256
147efef6501e074154c832bbb5e995200b18b628f5708c7dbb6e8cbf8fa7acdf

SHA512
b03f140d3f02c1fe999e955dec5f32103318b72c0c18fbac7086251934938bf142a65f609d2b7d9a21091f99e84ef286647120c462be7936206d42b71e23326e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2cdf594ccf792afc5b864d226e6d12c7

SHA1
668847d2b421b445d7bbe8a07599edb9cfbdbe76

SHA256
faf749b7b0b161c5164ce242dc91969e22989e8aa1aff5540fd978cfafa18177

SHA512
51f2c0e450cbec60c46241c0e5674352f1d3526b427094705d11990d07812f151c812d0f1a16ca1aeae6c2d6f901857a821b69ff17a9609739c103ae48ced3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ce7a33e2fcd5b979ad3fc6d5bf5aa2e

SHA1
2629ff6bc7e2e806720c18bfd3f17a924a6fe3d0

SHA256
fd7fed95edf9e6df649806637023563490f01cbe851a085ad7f8a81cf491f485

SHA512
6c1be053dba1371e8cbcafc17360667bf9458d2447c2cceec304dbd828357d22293f8188401b23ad9d3b0a99941b1a4e7de6068907ca8c1e8c104eed33499061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb3f6915933e5f304813ef7ef7ca3079

SHA1
ef16c4c1a5ebd70448ff4b61201c3b45a22bd93d

SHA256
1d4248e566cd77ef63f4a625f4db8071022cdfcf95bb66afbb92e044f539178e

SHA512
8d487772c4c444571ff617cd02cd888bd890f60f806a1cab135d292a81588437862d8acfd1f7a9ce7beb87743a1c9f21a3c427ba79356450074c52d7c05158c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
5fed41fd9d6d0f05efe3ba87a6ef576f

SHA1
89f2cd4f536d033483373d62fe4bab89a57260c0

SHA256
5b3ca2894845463b101afda8ac770eddc70c4dcf0c746d878ed02da46e2eac3b

SHA512
0d87e0eb904922d29a8688f98ae79cb3517e54871d30f900f1d2463fa967a869c6506c320aa700932d794c34501751211960864d18e5bd34087835bc24da24c8

Download Submit