Analysis

max time kernel: 281s
max time network: 308s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/05/2024, 22:15

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1234488074650517647/1237864702739218442/SolaraBETA3.rar?ex=663d32d7&is=663be157&hm=7d93c929d809a1f2aa9862e9037cca938b072623346f0fc313795132710daee0&
Resource: win10v2004-20240508-en

General

Target: https://cdn.discordapp.com/attachments/1234488074650517647/1237864702739218442/SolaraBETA3.rar?ex=663d32d7&is=663be157&hm=7d93c929d809a1f2aa9862e9037cca938b072623346f0fc313795132710daee0&
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0; Process: AcroRd32.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz; Process: AcroRd32.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; Process: msedge.exe
  description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; Process: msedge.exe

Modifies Internet Explorer settings (the signature the process tree attaches to AcroRd32.exe)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION; Process: AcroRd32.exe
Modifies registry class (3 IoCs)
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings; Process: msedge.exe
  description: Key created; ioc: \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings; Process: OpenWith.exe
  description: Key created; ioc: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{BFBC30C0-9F71-418F-A125-D038B70FAB80}; Process: msedge.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
  pid / Process:
  3388 msedge.exe (2 rows)
  2896 msedge.exe (2 rows)
  3912 identity_helper.exe (2 rows)
  1172 msedge.exe (2 rows)
  3316 msedge.exe (2 rows)
  6088 msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  pid / Process: 2896 msedge.exe (all 13 rows)

Suspicious use of FindShellTrayWindow (37 IoCs)
  pid / Process: 2896 msedge.exe (all 37 rows)

Suspicious use of SendNotifyMessage (26 IoCs)
  pid / Process: 2896 msedge.exe (all 26 rows)

Suspicious use of SetWindowsHookEx (13 IoCs)
  pid / Process:
  4992 OpenWith.exe (9 rows)
  3996 AcroRd32.exe (4 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  Columns: description; pid; Process; procid_target. Every row has pid 2896 (msedge.exe) as the writing process; the distinct rows, each repeated, are:
  description: PID 2896 wrote to memory of 3812; pid: 2896; Process: msedge.exe; procid_target: 80
  description: PID 2896 wrote to memory of 4816; pid: 2896; Process: msedge.exe; procid_target: 82
  description: PID 2896 wrote to memory of 3388; pid: 2896; Process: msedge.exe; procid_target: 83
  description: PID 2896 wrote to memory of 1276; pid: 2896; Process: msedge.exe; procid_target: 84
Processes

(Indentation shows the parent/child depth of the process tree.)

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1234488074650517647/1237864702739218442/SolaraBETA3.rar?ex=663d32d7&is=663be157&hm=7d93c929d809a1f2aa9862e9037cca938b072623346f0fc313795132710daee0&
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 2896

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea74146f8,0x7ffea7414708,0x7ffea7414718
      PID: 3812

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      PID: 4816

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID: 3388

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
      PID: 1276

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      PID: 336

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      PID: 1652

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
      PID: 3520

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      PID: 3572

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
      PID: 3984

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 3912

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3600 /prefetch:8
      PID: 2648

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
      PID: 4124

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
      PID: 1172

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
      PID: 4324

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
      PID: 4344

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
      PID: 3916

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
      PID: 4620

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3952 /prefetch:8
      PID: 1032

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4944 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
      PID: 3316

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
      PID: 5316

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
      PID: 5920

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      PID: 5940

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
      PID: 5192

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11097684467950245040,13574312569324743724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3016 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
      PID: 6088

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3944

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3688

C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 4992

    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\SolaraBETA3.rar"
      - Checks processor information in registry
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 3996

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
          PID: 3136

            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C62ECBEC5946D8157671F062F99A657 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 4276

            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5AFC49F0E2D9A77F3EBA281808E7AA5C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5AFC49F0E2D9A77F3EBA281808E7AA5C --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
              PID: 2644

            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7E4CB0B54BCF64F795E169942D9D5929 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 3356

            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FA5E75D5EC9444DED56F5191AA9F35C8 --mojo-platform-channel-handle=1788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 1032

            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3193A912062BD034400062FB401FF24C --mojo-platform-channel-handle=1796 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              PID: 4036

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3520
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 64KB
MD5: 86d9a10bcd3bc45fc058119d2a7ef712
SHA1: d116f56578addab0ba284134da7ab52cc7112b73
SHA256: 378d8d46171ae08c1058f11c7df30e5578158c1d33c27dfe2078e2df526fd6d8
SHA512: 49391ff7fecd189f3cacb89402ad9e8bc1995a736a13c5fda7510e3744ab762882ec01f34a814e0e74e6b5d71fd8c270a45fc464b9340d22fc9d0a7ee595df47

Filesize: 64KB
MD5: ac13632e055df536f1ad6990e9c85ba1
SHA1: bf566f64faef8b5c17cf8c07e3e08a6bffda43d6
SHA256: 3dd070e8d4a052e1b54bf10e6754ff99715fcef7925a4b08cf61c8b6425b052d
SHA512: 6599f1fe2430baa4e0e8a3968bdb273566ffeee280d3d5acc0e9742bb6147cf12d1351a57739e3c8daf046afb0ac102a5cd6133157e626b0927c79ad1006f3e3

Filesize: 152B
MD5: a8e767fd33edd97d306efb6905f93252
SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Filesize: 152B
MD5: 439b5e04ca18c7fb02cf406e6eb24167
SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\034a8e16-cfae-478d-a7f0-bc15f88a9160.tmp
Filesize: 1KB
MD5: 732ce81947b163ed6c0d736e8b026303
SHA1: ab4bff9b19737e234467e2183e991f655a41d32d
SHA256: b43eb84a19ac122ff4eef2ea3879dd9749b08f2b24ce27ed71aedf0cbb045446
SHA512: 778c975c04eed3d184e8da8cfb75ac5a3505ec6f5c6d826d1ff75df53bc526bcc978fc3192aa5c3573b5b390f126362003085690022c72c081320656b1dd5c1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7d86e486-5a93-43e1-98a1-df078a51d744.tmp
Filesize: 6KB
MD5: 13ff9273168476f1bff079f5d028f245
SHA1: 1be465a62f667e3b391c9bdafd7103d3c031d7f1
SHA256: 75c86c38e745472f84a81dd327c44f1902439fa8b0a0bccaf55d107e995b31ae
SHA512: 48b6c51ba9bfd947d60f87e3dac9079a00139ab8aa1e2767af03e9b9865d2f5d391863306c6bff30b6392559c72f48c8f35d8977f4af021afa53f6238634ab57

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 9bc190c9903e15966a0aa02e9228bee9
SHA1: 914600b97b12793043aaff880ef9fefab8ca32dc
SHA256: 58c9dd0f06d2f653ffc4f13a5522daef655d0e282d695d74d831eda7387dbad1
SHA512: 8baf8512e263877d756cbb1bda721c7d40723be13b6c6b9c8a33efcf77b336845c7f7c753ad428a3eafdbaa3ada01ef04ff11382e138c7453e237e19feccfb7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: b2708a1e5c18cd628205e1e34638f5ef
SHA1: 105a722d0367311adc421265f75050f26c4caf27
SHA256: dd532118e0d24c4357cde72855f8e7812f24a3264938e05d32b81fd1d45bab50
SHA512: 7bf8975ce80eda58041fea62481de3526e7ea852edacfabf0203f45423510c647d639baa548287f944975c2345528593987e69f5c465762dc858d9a8ad4e3d78

Filesize: 6KB
MD5: d61645fd279701a9dfd9dc42200f764f
SHA1: 2083a2fe7b4a6365b0dbdc53f4b8c01af05724d4
SHA256: 270d7365041bc18e9a1bf7ce86226b597ce0e9a1ed081f46b08cc3593657b882
SHA512: f240275d2760166b893286b1327664b4d93cf86fb685e704e0c642de86fc63ceb0fa570b7f76244d6f34115be1ab4957514df3cad7e21522dc3226ddecfde93b

Filesize: 4KB
MD5: 810ac5f4b6882c85cbd1576b1e40c808
SHA1: 71e248cdaf5dbc345da810fcb29dc47564a2ff62
SHA256: d281a5cfd9b2df540e4902171c8daaf2ef6f113f1cc351335ce4b1fe19e37292
SHA512: 591e0f93e72b85d322f41f79aeb6a6e0530f7f8d89c949798f6eeda7b2e41862adbad19e883b6e757c44e50c060f96f267187aff75e896962af0753e7a29a3cd

Filesize: 6KB
MD5: ead632b8689edf6250a42dc2bebe808e
SHA1: 68ee51e9b66a709873a13768a22f23c1e4c66326
SHA256: 385b930e82451d60b38fa319802ef6b7ebb7ec1d908c75803148e50d77c6e5f7
SHA512: 525559d078310b3f5325d35bd13f16f23f5c6da296bd3a2b50835637b236f22b118e610029edab387e1371e0941416c5fb0b5b011e44014aaf73dd29fc3fa81d

Filesize: 9KB
MD5: 36f02853bbfbd709016a5d3827bc246d
SHA1: a965c448b47adc86f6155406affa59dc40f3185e
SHA256: d3680b536f21638439921f572b51a2f873ef09bb86b5c6d7f68244f068e48ed9
SHA512: f16b09fbeec4231cce0bd6f55a5108fef0041ffd6b009a7043bdff005f50e1273ea20416a3692da698dc7aa895f6df88d33121047835e1ca4265f34af3603419

Filesize: 6KB
MD5: 45ec99bd6244f3b5336ee92897fb12ec
SHA1: 7c00704b4334fe92a0540619cf836c0854ac50b4
SHA256: d5c72fc114ab51c4daf1158bb2cd121bdd007837014a2650f90d173a70a68c54
SHA512: c34df5c9cbedb3b2af10fcd93d51e248e72633989170e45c2c4e5a9418cd3357b47d901159f80b9008a632fde20e35ded5bdf20aa2656330da0228fff601e582

Filesize: 538B
MD5: 51d3a37a4cfc12faae35bd443e179bd0
SHA1: d4559dc533e653187d20eac8e75982dba4d37b08
SHA256: da602f41333aef3b74fd0ff93e83f1a8c0f90abd634ab38f7ae259d94b94b57e
SHA512: c0dc9de25dba4f320a3ae7a22d923e3c7bb0713a415b0e8f870aea9d9f3bd37ee35050a30a35a380354cff3d6d248dcbc12656705ba8124ba2392937796c294e

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 11KB
MD5: 9b4b56795264a19e997e5e147405c650
SHA1: 30436884e3d6a0883ef764cc0943aec8bafeec35
SHA256: fa2cd0cd9c192c825aef50c742d0eb0c9fb24a96c1c3326fde23a21bd3e4b57e
SHA512: 720de3bd7ae8c6aa09a2450a64869275b166ee174a3e6ac8b58fd68119195fd26e771b389bcff4849bd5f91194f0b01a5d5e06f6ccfd09645d9027ed2f27b439

Filesize: 11KB
MD5: 8e7d7659ec405441695255fdd9ac56b8
SHA1: c6b537b3517b63974e06eef622d02d9f9560a07a
SHA256: 8316981889ad162dcfa5700f29284511dbbcc3d1c3f2c79d683c715114a83139
SHA512: b386961ada6760bcb63243048539cda06f61d18ed0e4660d7451e9a40629f447a54a1ccbd65a58a2f57ebbee3c58c2a97f3d3814df57588c7e2d861b7fdc2738

Filesize: 14.3MB
MD5: a6d8949e3f607cdcc0dab3a8a238e392
SHA1: cebd6a5f7119992718631c1c31dbeb836f60a8eb
SHA256: 168a76679d03d1e2e72cfc68f665ac3e9a498a8f1c3e603b808dd92723694c4f
SHA512: 71d6417939c535cc0dd6e60b1772d22c840d95977a662d3e18d8f7debde41cd5d343095ca14a7ccc6226b437c8c6c66127a1b2a2d99c053fcbf4ba7f18226d03