hxxp://www[.]mediafire[.]com/folder/cglu4f3m43vws/Solara_Executor

Resubmissions

10/08/2024, 06:32

240810-har44atcmf 1

10/08/2024, 06:29

240810-g841watbrf 3

10/08/2024, 06:26

240810-g7e1cstbkf 3

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.mediafire.com/folder/cglu4f3m43vws/Solara_Executor

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
596	msedge.exe
596	msedge.exe
3496	identity_helper.exe
3496	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe
596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 3976	596	msedge.exe	85
PID 596 wrote to memory of 3976	596	msedge.exe	85
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 2312	596	msedge.exe	86
PID 596 wrote to memory of 740	596	msedge.exe	87
PID 596 wrote to memory of 740	596	msedge.exe	87
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88
PID 596 wrote to memory of 3184	596	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.mediafire.com/folder/cglu4f3m43vws/Solara_Executor
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9f4046f8,0x7ffe9f404708,0x7ffe9f404718
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7648 /prefetch:8
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,1122223316739066535,402052179502335590,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7280 /prefetch:8
  2⤵
  PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b8 0x2f4
1⤵
PID:5824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
631c4ff7d6e4024e5bdf8eb9fc2a2bcb

SHA1
c59d67b2bb027b438d05bd7c3ad9214393ef51c6

SHA256
27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82

SHA512
12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2cb303586d39aa16_0

Filesize
335KB

MD5
9393fbc49a1bed7fd1d33b85c2445a12

SHA1
7c83f5dffe4e30ef0cfe4ecb442b97ac28fb8fa2

SHA256
a1cc403ede4892e913573af9fd12e59c6bc54b615eeb200faa3a0d4be10685a1

SHA512
61d7864c41d4bfba036d9ea16ca123bea033137a149385c7b2ea25c6d519b4cf278fbf04114aa2fd9b33071981c4f4eabe23c52d18908776a593eb573aad98b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
24ec3631bc61ca1ae7ae0bc4ced89413

SHA1
9b7015adf3acca60d558ce966ce0bdfb1a9dab65

SHA256
5de9bd96b9f9147fa882c56a89669482f4e7412e47a800099a94abba14fa6a66

SHA512
3474c7fd30dd42c41020f3b2cdaccb4968d688b17f705e94bddab0a8d2fbdbcd2273330f44794a789a0bd72aeb39273e72b92aab3c6728fd74acea1dca13016e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
732f7acbfc084e04111648fadeaa2118

SHA1
d207318e1bf299f033e1be1e0e62b63d170280f9

SHA256
b2a768a31f233e5c76dadae4122c05cb0e10ac63bbf6237da54bfa328259be6c

SHA512
380a0c30e014dbb1c0df288c20ceea9efe803eba335fa6bbb06c477975f307caae61f351676a0c0c789db756321a0e4df6950ccaf0c48ed856717b608d10fe44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56fc4517e05b5725_0

Filesize
144KB

MD5
946e82656d96de50d92a21f8028177bd

SHA1
e2e11f285188711d0cc5125494d88a4590fe6f29

SHA256
f631da1d3104d8f98f84b056e4656def3039a40319988faaf806553699cf8877

SHA512
1e61589ac87aeed32070cae30d485e5c40c68b0c65859a82cd0dbc55a7ac681d6e1b12d585faab188b7ebd751361c7a82d9f223796d86b0cbef09f7cd656de58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
d029afc9a3bbe98b1c3215e1fcb8a8f1

SHA1
1c1b922b87b0301eb332c1d8065d3e77f24cedba

SHA256
4baa20bdf66286309fab097dd28f583395585e58a2fc84a1f4ac041b62ad0e4c

SHA512
52496910460a26ce1a4ea504a5238d9804a22f960286da807bb335c182d83fda48c5f72e7e7e19f826b7ef7a3d3292b2ac4dbb321e0297c20f8e7c97a1531918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
7c816a10608e7541c1f086e65208a50b

SHA1
2f66fd045bec805cd4fc5bb0d9aeea488298f3db

SHA256
5718c66f50863270d6fa6070876f7e5a222a9aa790bfc8fa87904c5b272ee22f

SHA512
dc5c2d57fe77e45250174636be8547f3f73679fd9d52d2c7456bc51b16e3b208e7a7f3d9fffe6bedb7047e6fec23f54b1baa353534a2925d3f41c4bc2d8e2d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
11KB

MD5
0b4a9f86a519ed30acde2590be511d7f

SHA1
bec6ccdb6b2ad9bec5fe4f66a09a6c97df120922

SHA256
2c191a955d2b76c9eca03a426864b788d514aee4711647c1bad915824ff101cc

SHA512
a909e77b004fd83d0ebdba771140b2d77c98ab5c8c67981fb100a0613f3c180b30c4f66c13777b554d3a51e8aca3cf0655cd4b40c2ee0e75b11920cf13972416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
021928f10db680631dfe8d1fac29378d

SHA1
03e16cc54f306a88b40c896f05d0d840b977a199

SHA256
63a66adfaa2d03490e45cd3e624f8f6fcc022726e382d55a30c45de1311dc291

SHA512
be5e5c3930405567f0610414cb09b958d4db89b63b4ede2cec4235cbfc6fd12066742349cf202ae5c47625e806d9b55ed228cb5863e7da9e12bab690ea9c2805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8b2ea0f567639907affaf64deb0fa264

SHA1
4849981833830fd5fca51efc7170b43949460e41

SHA256
e40014be4806ea8c4392174675baa781ddd98997033ef95a915d27846477a565

SHA512
fecfc2b9112a598d417864964f0a3c39cf086cf2d65d6e9fa6f9b08abcf2767638834836218ae683e22ee0a1519bef0764591ca6e655a0722d3c6e9547c2e7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dbc7ea6293732c7b1d171f1e06297bdf

SHA1
3f17e76e48ea804fe34a4da77d9d6865050d2724

SHA256
caf84d94df75ae8d0921ef6ce1a129cc612e958d284f06278f0395d7b67e1be3

SHA512
8bd2bdb11f266450cec89e232578f81b096a1e45147601b1d38931951a2e6b6e1bfc4e38494bb3759224a1fbfbd7139bc41be626878cc955e761474a9b34441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
925742ff4f7135f44658f8482ca6fc32

SHA1
9c33b4face59b42270cd1599aea2db4d3a0c1f14

SHA256
156d55b08776d050d8dbddafc9975b0ee3fae63610c0a19962f2389bfae65bf2

SHA512
ac4840f7c948829ca7446ada437a827cd8b893d72c6417b7e97941d59e414b6a3e03e574b6ab5671d4613e9f96107a777a4fefaead6db97eb34f84ce7c860fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
82c49a69d61f1dcb4aee9768815a6639

SHA1
d3cfa50ba37b484ff7e172fe4445408f66658669

SHA256
63ec9154ac43c2b36fd38fe8423c5a11826e3063cb7440d7b250d8bc8e95f368

SHA512
cba27057f9a089b2a99e0a0b93e339d4e3354c0567060188ed8ddc83429b1250eb5a63444c64d0b606608d87a3bc023d6b25fb0b13e1a3dee2e498209e4c41a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4e3eb57aae7b5c050bd5f78402e973e

SHA1
48dd1aba9c6a1ee04309723bef20fcb9590c75ad

SHA256
1ffa586533088333591e4a753372e13d4d1ba33536ab07b5390e5c022e4af9da

SHA512
731c3b9ac22aa1432117ae14a8744006d975a611baa3d800978b009c0683adee371cee42f805e38ff37d488261fc79e060609ba70e9a7fb8245da4acf77e4cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba3e3b8fa1bef517f2af76542bd6ffcf

SHA1
aeb59dca5cc74792248f024ea7a9b2caf6442ffe

SHA256
230a3a0431e721ceec2cfbe071f9bb92eecf127d087acb96757d1d7c0f2e233a

SHA512
f7ea5fcf853fcb867c68d5bcb1e326db7ed2ce66b3b28bf35b64b2e81392748fb3359db3c19d2a2e19a92172b9e1cb688e111fa4513b02d92d1684742f5e4db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
66681691f79261d4618da2d212783009

SHA1
125e0cbde59d956ce1108a5c32e9ffd6d73b473d

SHA256
d2c8afb99816ddfe5c9348a61bedb3bf86a057e14a30856d19c0aff7d1328078

SHA512
1988080f753967a10dd121814d026b5d1fecc4be2835ce829737eeeef5b2d393878c47f08e6970f8e5f2180c2aacb18a35f114471188a7b12f18e126bd301aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fc12e9cbc8e4dff3a0588de3b65ab07f

SHA1
2691eb7084e241aff8cf8cd17c9f15cb7faadca1

SHA256
68289c6b8d5aa8ccc92c80176e15674388ed3a64c1f204de265b4b0ba7bc51c3

SHA512
f7ad40ee7e0a63b42a617c70dfc24a92c2b884f692ce1f4c59e78ab10c66bd8cd45246c9dbe9641a69d5cc8d3801d4d3466781dee06d95557444ddb8e3d3554c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
048ad1ad6b170a953409b7cfc13139a6

SHA1
e2ab6e47ccac65c70d871a3fc3a93b6ef75e3e81

SHA256
7f2c74e4d35ac6e33640e33b31750caedac5771209138a672f5ba13375c10f38

SHA512
c57a4535e06383c9e456fc7fe022b518a07c2f91cb056f00a0a265c407f2295a6d2d24e59d9fe0e6dd1240f9115682ad32409314c26692fe873e5618eb477c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580838.TMP

Filesize
1KB

MD5
fd2c44c9fe89beb29285631de1dd8a08

SHA1
8ddd4332bee7b67104f56f2953173bf79a0f7744

SHA256
094c381c89572fa0bd7f822a244620655aa5e412ca1fe490f5c4c375a3f2e7b2

SHA512
2895778e18263c2d51f036940403790c18d1b8b4242346e4cee5c20eb2a13957949586754f6b99425a5e22c5c053ca362891901b99973ab96451dd2cbcac0ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c478ca70eb71e0b32852a549a0a823a2

SHA1
b696c9891873461a4067e047e61d0b17511b9e60

SHA256
e3740ed24b83f4f862ef29df58d3d793af0f9c0d346f9ed28c994b777c74f0c4

SHA512
afa0b54ae695045fbe353e1c96d1e58084aa3934e2f69e6250da2b42dc821f6a1499809d3b0b4cc20dc4d6f7b73078cb74f366672477a7342a3f48f4ae0a7e9e

Download Submit