0c89616a3c3f9fca80ef731c8e0130d30b8e5fa41682ea52ec4481331f9f98ab

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2024 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Undertale_Free_Download_(v1.08).7z
Size

10.5MB
MD5

5b1e0d522b0744c2075401b7813def9e
SHA1

42a315a7178a5f75fd40fa36eac2199e06661191
SHA256

0c89616a3c3f9fca80ef731c8e0130d30b8e5fa41682ea52ec4481331f9f98ab
SHA512

31bb8e1bae3f6a849bbe9ad0a800b5ee00f12026770117d099eb12eb554e67a5e44f696298909318e1231531017cadfa1e75d8867854ad619b20d96e35402c99
SSDEEP

196608:3LFfXgGlhYA5+afgH+5Dc1uVE4QVdGHat14eO7iyUP/zNN3Z:3LFfwJA5+afgH+5DjVDtHWOO//J

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133706741345037726"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{994B03C5-BF8F-4BD8-8579-718D40417C3F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
456	chrome.exe
456	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe
Token: SeShutdownPrivilege	456	chrome.exe
Token: SeCreatePagefilePrivilege	456	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe
456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 3956	456	chrome.exe	107
PID 456 wrote to memory of 3956	456	chrome.exe	107
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 2404	456	chrome.exe	108
PID 456 wrote to memory of 4800	456	chrome.exe	109
PID 456 wrote to memory of 4800	456	chrome.exe	109
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110
PID 456 wrote to memory of 440	456	chrome.exe	110

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Undertale_Free_Download_(v1.08).7z
1⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4252,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
1⤵
PID:804

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd3bddcc40,0x7ffd3bddcc4c,0x7ffd3bddcc58
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3956,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4508,i,6432956689247700734,3515580529593745828,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4400,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:1
1⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4192,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:1
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=4796,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:1
1⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5600,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
1⤵
PID:2280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5620,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8
1⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5624,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
1⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5208,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:1
1⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=4348,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
1⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5528,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
1⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6500,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
1⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6700,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:1
1⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6856,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6440 /prefetch:1
1⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=7036,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6988 /prefetch:8
1⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7044,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:8
1⤵
- Modifies registry class
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7040,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:1
1⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=6552,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:1
1⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7392,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7380 /prefetch:1
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7568,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7524 /prefetch:1
1⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7720,i,11251706013556949551,5157034131170452377,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:1
1⤵
PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
13733aa641b9c512e1f8d1ab9278bab4

SHA1
0225f3490a796e8f5ed45397fe89bd1c6b91fc24

SHA256
d1483c9c138fa4b198f26461af1d4b3f09dc459636e95d8e332bb34574e0f69c

SHA512
c90099059fc0760131b430bc61ef88050f922b5b296b91519f22554d77eb327f93c58eb5a4bf3adcb00f71313941d32c6cb7f9e8af41f32cb8a14e45b70d9761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
150a67eabc876d5120ede62bfdfdd0c7

SHA1
eabf222af995779826592d45824aeb0fa1b20326

SHA256
5dcefa71db822952dd7aa21a500199002b029ae07f84d1c984dea58252d24eb5

SHA512
dc9113198ec1e80dc7d51127e16205678b5c96ea9f3acbbb981d347e6577c2f45af107b39578775a006d5324555b00695a25ff748203b8f32969c400b6612f5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f898b80342615c7bd9f7d129652e9709

SHA1
9de7b235b08e8e49204ad8fb6e3eeab67a347a1e

SHA256
4fc6c3585b6d92d35674edf5ef19e57f9c972d7ab014b947c2a8d85ad56bff96

SHA512
eda6d9f44e4c6a42770a4d9658f37e2c6bc1e90341e170600b054d06a4fcce7ec8d03bf8ae0c6a6453599400325b6396489986409fc33ddf0028ddade91b8493

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
959fd46f59e602e808097c8a877740f5

SHA1
0e7974a06a8c64ab2a74e70e7646d911b40a41ef

SHA256
47751de15f14301716a43b054f1d5e1decd251b16ab66f50f75b76d6e49f55b4

SHA512
602cd3fa9afb0af77347e57ad3c9e8237d5bb0f190e5259f50fd6bc66e819fe428ed9f2b86dc9f7339cf74f2b654d5d92d8a11b905a8bc06a84d7e1cea849a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
71060cd42c53e6a736bbe62a0afb64f4

SHA1
d679a3755e4f68c41e8beabff96b95cb3738f9aa

SHA256
96de67b9220db11d60923d7a36f8397a64682a9f41b065e7a3e0deed24eb0fab

SHA512
7d90d3f5912da4143c9277da5dc1899699e89d2a6e3351a05d5ff9426eab2682e3eaa784ace1c57a6635aa246d09f965c96f07ef1e1e27a78300bb54b831f363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c18d6db3109e5ccb99258dad4f6d5aad

SHA1
9f6e332e894b556b2378f956881a3601c8336fb7

SHA256
5fabd199350dc2763c5b5d6f22ccf7cbd6f5b66672be6bd887eb7968c031c524

SHA512
08702d578c51e41a0572ba7cc549e1257292cffe946ffcc315a9c7784062cae4c5357777f9f933b7cee3bef46f8e1f5e4176060666bb62fdb93ad45df638b4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
03a8aa4ae53e58fa601479476ec388cc

SHA1
3851fb3e10da4af864570bb294ccd2f7fee3d694

SHA256
cf8536844fa59f3e909400f1a8d5d50a6a3799615c78aac43a9ec6a8a66cee0b

SHA512
7f67f22cfb16d64aa5f4c65ee90cf5ff984e36981fbea4610834865cb9a6c3a5aa18053627ae7a8cafcf2ad8186a92fbbd886bcbd9484ae4e1d4262c0e45a4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
04f03d8f8d19ba4e71fcb1ebdcab7673

SHA1
930037817573d0bb12031a800023ddc2205fe4d3

SHA256
5c4cd5eb69b27795196362a5f9ee0f65b428b0eca9d7cda4ed5359d13127954e

SHA512
19c6ec5e4584ac1b808c57ea8a2fe2342266f3d8e24deb50d4f62d75ad83812e6ff5ed9070c28dd2ce066885a781b5a2c1280c44dce14deaec6ef7e9eccc770e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5b960321cde155b7fcc4883a929ff4f

SHA1
146b9adeec381ccb6bc7d70be5cff3f599204c20

SHA256
274bfa780fd6cba7853a322e13c3803ac605f44cb2373adf0b9857338dd1de11

SHA512
2a86af1482d3e288621354641345e3bd5e278a807705a971dd2c89b7ae18d487ce4629d504a7b8077376700a80f9548bc58826d21d15f6f65cc9173f050f92de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7b681ec024f76ca9434112964a0e913

SHA1
1e48f6d48b45d861efb03200398779cb46ee6176

SHA256
ad9fc3dbc74a638955f1dd6f4d5bcc9f136592eb1c4e60a47ff800cbc8aed23e

SHA512
58157f509ef0f508bef17c868b85d2268cd7bcf68b8046c7436d5e4b4c3adc8789394f76891008ff584abc042871b346bad81c349f4370f44875de792aecf27e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e13c1373f99a4a8b24f2fa0589f2c59

SHA1
2c82fc050d752863f12fb64b016991a5c911dc23

SHA256
86e7a4c82e6007de4c8e09a8b00b38966351d5440f1a783bd96f80af0deccc7c

SHA512
80ef0b617e4a0e6edb14a47a5c619aee2a49e287c1e9acbbe450e0a99437edc870dac8d2c927f06e853d4d2dc739b30a12a765216e3282396658eb936df2e3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63e9d57d8d9185e4ae586ec531e1c3c6

SHA1
84c6152b9afe037c736b29a5122fc719d773a867

SHA256
6d88a25e5d3e6b759aa444ec2138976eb68b84c9f85ab64a0dbd13448a95d5de

SHA512
6273cdb617980f999fdcae6b1783731b2ac66f75ba9040bbf9e5f5d46497c4d8285f874f49669cc373221b5e0efe0b77d03a3e78f100fcf3baa58ac77a3bb8aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b2af6776849a057040054d5273abf03c

SHA1
92da096e90527a4014c583137c3574bf61643495

SHA256
efcf64a3ffbcd067235baeeaa82707e8a60230f3d3515977052b821cdf3e1446

SHA512
eb982ebfd47c4d241fc6621c0dcc4e9470bb2a65fe2b0ef8ab69ed72b217486cc0fd7f3b4170cc726de5deb4f5856a86613578420ca564976abcdbc6708ba91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bac00dcf-9b6b-40b4-91fb-243998313a56.tmp

Filesize
9KB

MD5
705cbf74ec6609c4f6b2e60fcb85e89d

SHA1
1d63302d2ecdd003128cd78fff614cefb4dec0c9

SHA256
2a1f852dcc94e01332c85058234e961f780c1307e385b08f6d6c85ee611bd6d2

SHA512
8ea1a73cc567d03d99445bb9bcc045150a0b3709b41495083049074db2f91af72a38901076bcb9a4b4f797337ce800b4f8d0af7cfba061a0f263f4ab382175b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
4ceaafd3df538b2e30cb29bd2308cc77

SHA1
6bd513eb02b0818d04571e6f77ddcd45107cecce

SHA256
812540f61d1d805cc4a39a5b6790ec39768821d6cd6bef8210bb2e1a6918aae8

SHA512
5690909ea0cc81ff0481e4cd83763cfbc3b2898eac892bd085adeaed0cec0b2ece7e28f839c6e065341e230ef1d1a1cff02351fb7dd546da5b54d3ca19a9171a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
433366b524cb45a4c5e8792f6a57bd27

SHA1
c174c97727156418cce41d6caa3f0ddd054d2d8f

SHA256
f856c1da8dc4b9f4ef0e434bd424011757a736d93a8b8ba2dd1846829369c395

SHA512
8e24542fae1ea568b7def88664a7cbe7ef9efca1bf4ac653e64ab745fcedbb206a69bd2c8ebf0cafa190b1a615d6e3fa6678aa684e14ac848c0aa4f379e9d4c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
0f2df07489e201ef6e30ec6223becb1e

SHA1
06517bfd67bc45907c09e7357703366866164704

SHA256
4f23a13731af8df168190094f6a02306f05a71c25841ec5207979805a1afc55a

SHA512
a354c83bcc943787a6ae9c7624a90f381009791437b6d2f7815bb39e07d1254ef9e8aeb95ec6b25054101d0cf173dc09faf45c6491c9ecff54318d263e7fa145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
87c07f13c07be635148651b9ad67a9e8

SHA1
a8c779937401fb07fac9b76f399907d65bbe58b4

SHA256
b40c487c21112cc4e7d82a3d8d55ac862135f46d304292513331179738d41963

SHA512
faed76bca6dc0bfb67c07cafdb995ced983cb23b78a28bf0c21abb9243b7cf29b7f9354d51a6eeb236e1b8f27092c11b69d00cfcfef92fa4b54f267198600936

Download Submit