hxxps://linkvertise[.]com/1169231/solara-download?o=sharing

Resubmissions

05-08-2024 04:40

240805-favtwa1djh 8

05-08-2024 04:25

05-08-2024 04:22

05-08-2024 04:04

05-08-2024 04:01

Analysis

max time kernel
119s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/1169231/solara-download?o=sharing

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
92	api.ipify.org
91	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{3F12BDA2-6F4C-486B-9586-0F26D3A7A130}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
3404	msedge.exe
3404	msedge.exe
4996	msedge.exe
4996	msedge.exe
1116	identity_helper.exe
1116	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe
3404	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 4468	3404	msedge.exe	83
PID 3404 wrote to memory of 4468	3404	msedge.exe	83
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1372	3404	msedge.exe	84
PID 3404 wrote to memory of 1444	3404	msedge.exe	85
PID 3404 wrote to memory of 1444	3404	msedge.exe	85
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86
PID 3404 wrote to memory of 5028	3404	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/1169231/solara-download?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff073846f8,0x7fff07384708,0x7fff07384718
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,14441020533126472868,17367013118593239169,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
81ba34140ebe27dd85d602bbae2ceddb

SHA1
9f27315a3888ef7547f9a2aae7c76e8a052c6c09

SHA256
d605c4be1270dd50fd39fd1b7232b432bb170bb39947fdd93a38d8806c5ebcc5

SHA512
19e3bbecfcce2d004fedfcf2c8687f5fd3ad5f4b6631f21f03923f7de7a7a819f86f302433fbc4f6dfd9c017e977193d4e37f4098a31b62d4de883350ac35cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
302ae256ce0110863d3de8e49d6c629d

SHA1
da6aba1fb9a7a1a716c7827bb9d549d1f5f7415a

SHA256
0c112704b4a99184d0c15f89ce90588aa3ed565518daaff2adc0a207ed26b240

SHA512
4f05c2dc98bdc68efe051c19aa61b9e0dd1d734e7d07a34e3659ad23ca0b0e642dc1131094f44376467bcbda9e782b658782972745f32f7c956fbeed8c134ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f9404fea493e3e93e3cf03117b0b1837

SHA1
e43f1499a28375927369e16cbbcccc0658499c08

SHA256
59dfd1d17c89d7895a002fe12a3bd1675387b6d545b310827f1ced7c2acf30a6

SHA512
3a0e08eed3594e2af4e58c1fbea0a69e657b9f36ab0e2b400c3ad21730c953ff18fb55088baec84a213dd7f74b26e2f991c80f2333963c418333cd9f00227b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a1a44b1640472e560d7ef43bbcaacf58

SHA1
bca70d35e7fb8cbaeef815eeb30e3bcbd6f11501

SHA256
1311a1dd013137bfa2efa334d9feea6a7c0af842cd15566d41b71da281d53615

SHA512
773ad785ee7ecb615f7d9ac6cdcb529cbe385446fa55b324c4591d328319bb5b8a520b3c05ddc39b5ee545b39fd379ec764c676728239701b40c468e415a0c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
087694291346b14ac272358cf21d8100

SHA1
e79a56c635800c68c7e3995781d85cb0de256b9b

SHA256
6336e621ea3452ae08bda881aebeafcda159bffeb610b76fc09cd5ec727af5fb

SHA512
44859997e5a59e3ffc65155b065b793a76e16689b9b47ee3d1d790443bda5616e9014cb9a49950cb548de63bfc08782876f803c0614e51eed18788964d1e7fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b88f332ad7c29c60119b30726669906e

SHA1
74489205e6e1502af2d8df941d6b8920cc343a13

SHA256
a340a440058a5b9d12aca774aefbdd85b4ee8d09a963d0f11355e7d0776eed6b

SHA512
dfe3e7ffa9f0cf9d8ec34893b402e67e3fdef19779c1f6e02f0369f260345e51a15c5eccb781cdde8b203aa2556a81a8f4b37908fd5d02c92269b5ad04650413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4335156e9816af25672ddec04a1989ae

SHA1
5f363da0e9026bb9985fbc69728b8a28f6064ad4

SHA256
8d4314c108fb6562765f69078845ff7110390d245743f76e815954902e94ea43

SHA512
2265c0473f2470ca6ffd65057058b60081f8f5ef09de869c2b6594f8c5fc6ed2b7ef906e35247e2d952a95d89aea5856a47554f97e785e14d3ade7342d02f1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d2db4788b1eded1d266824f5ac0c009f

SHA1
e699abc68bf513f1ccdf32e1415fb81cf8dca757

SHA256
c8a144312c38a43dcdef3b3880d3c4806b7aed28042cb242b3dec3a4205a348b

SHA512
f452adde4e3ce9c13400a4cec8415b80f9e6034845c3fff25c0c7783798f6b521e5738c4e8e11faea960c11f1d969825c3d5a6f1bf5a5fee938e30ef0a0d629e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
773a806ba8ec871f668fb06730568850

SHA1
06c0e2aaf9a63d8691fa1140167bf835dd8f4049

SHA256
8bb6e8ca631242b0f5d290c5ae6d15877767a40518a8be13ce5f0cc4439807b0

SHA512
e42f3ee5c6bf803e4b2a9cbef0abccd7d53314d25fe1167e7d8d71a85daf5651f1f66f163fe06918d8e8fc542d77c74e7ade60f2cae875a6ec1046858959c5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
446c251fc1ea17a02c99b18edb4ae810

SHA1
4a30a564390f6c4181cfbb6e3dc9056990055157

SHA256
d0b4047d8e123c2c0ddd57c873e19c3ccc61fc03f098aecc1422a77b33fba3f6

SHA512
18b054ae200307f1d0a7c1d90a8413c4a4dd95633c1ea334ccf72ee3a7d884a601e4a6213ae5526ad06e21a817347d179632a586912158957f11e32a79cbe01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3ebf0b5fe3ac7b0072fb7e263383bbbe

SHA1
76a11698e2a54dafb2028029366946a0d69a5cd8

SHA256
5cc963d9aa5ca2a36c651fd3f354d6be741673e2cd2ec44374f41f2d9bb3f870

SHA512
f96313b4ca51078cec186e09ffe3b2b43578f05c64b0b4e03b778aca93032f35ee511125c5a5837a6b50131b99a75976fb8d6f0c07d17300ff53bfe61bd17a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
016555e331942daa47e25601dafd25d2

SHA1
d6e4c26641faefa8352eb4b5aedb402c6953bf3a

SHA256
d24ccc294359c5b46671dfd8c096fd4b2cf2231870b490f544dad09e262a0bf5

SHA512
23bfdb92c280c932df1ca24009651673158b72f7991857c23ce3e84eb640c793f60ef0757659b72f6eb7f2119b053e59ddc95de7eceee3d0d043e319bc4a5181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4a6dd707c394e05514458c627cf6420

SHA1
5c25ab702b8aec682d6e39f43a79d0a29c4782c1

SHA256
7e45a811bb6e4d26ab5ffbe9d3cb7c35d70f73bbb2376fef9eec0ef47ca04664

SHA512
6f46134346d8f460a25a8206d86d95e69eb3e1b3c1107f320758be21e0143165c27e23c2b78fbe181907d900354cf677e894f335bb922ac71be64cf5b770f387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8b19da8eec0cbd6efc1c8e767cbbe0cf

SHA1
d460d118feca90a10aed578e3f7206dea793fa0e

SHA256
fab3a6953761aeb51bd204bd8dd29d9fe7de8873fee44da229dacc6ac546066d

SHA512
dd794621c458c9a9955999ea2362f0253e73ca92e23a807f17d7d83415ad9fc9f98e5579b8c3a15b0d03fe4b3b267c11d7d51381cc2a7ea88cc2c2126545c41b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f453.TMP

Filesize
1KB

MD5
32a61cbaef06b2ad74f61d334c380b91

SHA1
1b38a4b1443706da22b03cab316391546b1af60f

SHA256
4d67b7978fece4cc292db6311bbc7cb6b25bd2d9b925b3d6ce776f972fbc48b2

SHA512
512b377ebf32ffa00db362b7efe43d7b83dfd9e3a3f356c0efc75c14e88abb2220ff19cae25d993f77ab06cca88a50992c09d745504ee811a99220909780b26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c80b878a3f8b398ced5ece1d413aa6fa

SHA1
ca61a2b2db11683bcbb5109eec257c16f0cef61c

SHA256
21caeba3bdf0fa49c1ae90404cb55c8d05312525384b26ac853052c9657f9236

SHA512
0b7512c6e80762120a3598cb32b22d8e03fec2784544424e61b0e61352d9ca925d0fd06b54d90a2e92610519754f540712fbf1f0306c7f0501d66e88a42f6c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eae3ceee2013ef6d79ab0d8f609d19bb

SHA1
606ecf5d4a52f29d709ae788ad71c96dcb1ce017

SHA256
1e5bcab7e1d81814c45387a13bf0f9e0585e84ded3d855080016c7116bc5fb87

SHA512
1c62900eac93d3bb4b61ec88215b28a89ad80f62a389778d16cbba1bdf74ee954de90c2ec2220ada0f0f9d4eabbd39d152d2aa39f4a3beb5edd83ff79cb70132

Download Submit