Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows11-21h2_x64 -
resource
win11-20240419-en -
resource tags
arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system -
submitted
14-05-2024 13:25
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1234488074650517647/1239037173655797860/Solara_Updater.exe?ex=664419ca&is=6642c84a&hm=92b335a2c826cb9e50e90c4fa1d356a618e67acd8c9d421409f4f51996b5030d&
Resource
win11-20240419-en
General
-
Target
https://cdn.discordapp.com/attachments/1234488074650517647/1239037173655797860/Solara_Updater.exe?ex=664419ca&is=6642c84a&hm=92b335a2c826cb9e50e90c4fa1d356a618e67acd8c9d421409f4f51996b5030d&
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
pid Process 3800 Solara_Updater.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 3 raw.githubusercontent.com 20 raw.githubusercontent.com -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{F1B4B4E8-3A1B-44B6-927C-FF497956EF82} msedge.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Solara_Updater.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 794691.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 17 IoCs
pid Process 2504 msedge.exe 2504 msedge.exe 868 msedge.exe 868 msedge.exe 4736 identity_helper.exe 4736 identity_helper.exe 3128 msedge.exe 3128 msedge.exe 1280 msedge.exe 1280 msedge.exe 3800 Solara_Updater.exe 3568 msedge.exe 3568 msedge.exe 3032 msedge.exe 3032 msedge.exe 3032 msedge.exe 3032 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
pid Process 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3800 Solara_Updater.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe 868 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 868 wrote to memory of 4092 868 msedge.exe 79 PID 868 wrote to memory of 4092 868 msedge.exe 79 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 1560 868 msedge.exe 80 PID 868 wrote to memory of 2504 868 msedge.exe 81 PID 868 wrote to memory of 2504 868 msedge.exe 81 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82 PID 868 wrote to memory of 1200 868 msedge.exe 82
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1234488074650517647/1239037173655797860/Solara_Updater.exe?ex=664419ca&is=6642c84a&hm=92b335a2c826cb9e50e90c4fa1d356a618e67acd8c9d421409f4f51996b5030d&1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80d903cb8,0x7ff80d903cc8,0x7ff80d903cd82⤵PID:4092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:22⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:82⤵PID:1200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵PID:1764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵PID:1048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 /prefetch:82⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:5060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:12⤵PID:3168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:12⤵PID:3888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1720 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1280
-
-
C:\Users\Admin\Downloads\Solara_Updater.exe"C:\Users\Admin\Downloads\Solara_Updater.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵PID:2840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3868 /prefetch:82⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3576 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:12⤵PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:1444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:12⤵PID:1580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:12⤵PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:12⤵PID:3708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:12⤵PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:12⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵PID:892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13929352946945678007,3249018431159051182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3016 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:3032
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4448
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1152
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5ade01a8cdbbf61f66497f88012a684d1
SHA19ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b
-
Filesize
152B
MD5d0f84c55517d34a91f12cccf1d3af583
SHA152bd01e6ab1037d31106f8bf6e2552617c201cea
SHA2569a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA51294764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171
-
Filesize
86KB
MD5862b6033dc6723bda6b54609820b9b3f
SHA164881c76d084f2ff93cefdc4e0d829b03861f696
SHA256decf0a34519cf25f9e3f2e3fd6c15a5e52f4f550541a151121e9a5bee5d9220b
SHA512695c1d1e1a682851b5a3eb52e8be1563a5d2a26d7925db8fd8aec8b0eab0ffa1cdeb18c4c4abb0660c71a3cbd6939d04ebe5fbe47a27a69c52d4151520d520bb
-
Filesize
48KB
MD521af9bc981d404957c6344aaff4b3e28
SHA1e5569bc0876884ded0d9594432cc261effc66d47
SHA256e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051
SHA512fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5ad5e4e2a82c706de4beb863c6f58f455
SHA1c83fb827083bd64797bc7b716200ec0ffa6ec487
SHA25637a259256d9e0b68fb1fdb999888cbf6087b256c4f46f7dd20b146f4a737ca94
SHA51225ee0292cb5324aceab0b317f04094cc9b621a5babcd23772a69a08dd7088f96d1e7e0fa32f8358bc2b31d35f0d4e18403784959061de9cbcf3e0304b6873a85
-
Filesize
3KB
MD5da178a5eae7ac65351874261f429b9b0
SHA1eff4c797a68d0abd212e2a7d7beee2c43bef30d5
SHA256d6dcc9e9fad77e40ceee17a1912f8ca2e72c4d988af8b60c8849d5d8d3e9369e
SHA51207ce158a7c15ac17c97ecb6b50e32f80f61901380183079cb0e8990053874d47796efb9d65f382c5f6454896f194173a643af7130dd552ac81410910cec7b34f
-
Filesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
Filesize
6KB
MD56ea11541818640a1fe9d719e75c85b85
SHA1c6aae8ff846ee17fee995a4808fd10fe2f2d11e4
SHA256cf47a07fb06b5722b1ebdf23b851fd5d1a2663061a35afe43ba4905710629437
SHA512bc229e2cf54e6e2402b2d462cd24c7fae20243907cd9c7855d11453d520e89637a9d67410b62fe22b152928d5c7265bce1c9a996579580802a647fce685e2c2a
-
Filesize
5KB
MD5907af78a23c951ddfd8c15f51df17ff6
SHA195c08ba3e25a54d3ee3d971e955ddb484cc90027
SHA25602a9b3352dd599c28a628e2aaf4e48b364cf2d22ed53006536c268e0db598310
SHA5121b4fd84b4c4fbd5a85e6c0d9deb4e3e52fa5751a45c8cb5a537f361c3f84409028ba4b5847f192853f23e44546fe8a0c56e14c0ea9b34b626ffd8d7008843b8e
-
Filesize
6KB
MD55cb7ca9423e55e0ac725196076a02fc6
SHA15d42f7e80ef3b4a98c2adaa33da04300315bcfde
SHA2563d5fe0ecee55f07c268fa7727a7296a1bf6eb35af156143777a9e9f1f67211fc
SHA51236e8391a5585db3ab613091350bad8f96d1a6872bf8d617cd6035c9c5185f0b72b58357909da872ab69613ebe93e898c29f3582f3be574a8d15494b10caea3ab
-
Filesize
2KB
MD511f70165bcc5a107776543547967af51
SHA1ee08e86dfc472076354d3ccb1044b788bace5523
SHA256b224505e5a30deb5b3a5034f46dd946d83e48c7d2b1f9839fa7e637a9bc5713a
SHA512c177ff035b5997c572ad2ad61ddfcd7c8ac86412210a23d7f633099d9143583325e6f91e59a130039c2e90fdaee24f1c8e1fc5f8e91bde7e6448650403d7a93b
-
Filesize
2KB
MD500eed789dd001ff9b2e1e9cd9b37229f
SHA107ef1abbf5e8e30a7ba36ee0f5356c45de5c3760
SHA2560434149e5113f46ced8071311744b885976c2e7288ae243564b5b639a4867e6c
SHA51230ddf689f841e25e231f0fa479af68ec9dcc42d4bb7a0ad458b508bd0ae8eb39c7847af004b97994a3a550470c57360af13e8700c688148056d22d4446275eb9
-
Filesize
2KB
MD5bc64717deda3588072942934c6db1d3f
SHA1fa18f451bc61d0e57aff58bbdc182ad9712465f4
SHA256e7363c19a43071ffce8e73d74241f58d6007d4571e75bf82156abf587c4b24e0
SHA512b47efc7a5eda4e1d2be8456e3a9a88194c2a562093df58cc6e19d5d04ade62d3e2dcc62ca373acb19a28618b7783d7e4b784908c9f8e54712f71fbda84fce877
-
Filesize
538B
MD53c6bcab93efb1db123145b287acc13ce
SHA1baf408f0630ef82bec35286cac9efb395f3d6f0f
SHA25644262cc7a2d10e10934f4fa65e4aa675835cb72985b17000e0752f02f769e2b8
SHA5121ac3b69dd7eb0e00ebb2cdd9283d87d2cb42c741939f23c85f0a0fcf0dc937d2c64df84bc27f9928bb7c206ac5e3b49518ace1c10cb3c5503b46eac8f703c143
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f924a774-16cf-401a-b992-af52cb66b4e9.tmp
Filesize5KB
MD510b66135a4b84bde65c86731c63f7dd2
SHA12a4ee0f6a63d71997f398dbdfa085a38342e8a61
SHA256f20f19432f5c08cdc6f934d89f4154bb53d1178eb1b84fec6b83ae7905d11f6e
SHA512dd22ac2a1149ae0fdcdb1d5d4dc243856b9cc7cee01583fd4828ed6060c00e5660201a3336e644d48fa0c5fd56a3980b19e5d65203183b1baefd7c46ad5d5001
-
Filesize
11KB
MD5556dff8e13038e37bf69df2be459ad0e
SHA146555df7ce44dcd6041ba76e048ee3d9b016b0a2
SHA2565e53589f20ac4cb21185fefe3fd5c08dcda6f6cac29356e0537942324ae8f550
SHA51278e5489702cbe3c93f771a24123ceca4b936ecf26d17d3626346f077e64647fba5dc970aa2bd47cac64484cfc8b1ddd9204b01a260af82598e7d0b774e081351
-
Filesize
11KB
MD5dc3c808e4d1aedf1d673eaea3f3e14ba
SHA13fb14364444b76e6d74068de8ce51b1a0673afee
SHA256d29a28b587c42d96acb2f4cedaf301df6a3aa8b312bcf198d3001d871de59dc3
SHA512777963d3c8f01f6d6354e66f41b392944caa424ccc1dced359b291e2f7e9efad2f3e02e53a51e6ef4f5add1d805a30b6803d7d7e0b0ca595001e4054d0568be9
-
Filesize
240KB
MD5b89051e8cf348e69c0943b540af3b99c
SHA150200e338cb5df75077c6144884bf0ff6bf7cc7a
SHA2562e0a0e7e5d510f4274cd22ca2ed10f4bcca932a8cb2a756a47c13fb36a5fb58d
SHA512ab1e75c6ccf80fdd29bb35ec802032a46cf642e444ba392a2224cc025d05d78148f60bf81d4405b25301ce86b83e03d9249378864afa575fa6a61f05dea21408