Analysis
max time kernel: 93s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-08-2024 03:32
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://getsolara.dev/
Resource: win10v2004-20240802-en
General
Target: https://getsolara.dev/
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
- msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Suspicious behavior: EnumeratesProcesses (6 IoCs)
Processes:
- PID 1384 msedge.exe (2 entries)
- PID 1924 msedge.exe (2 entries)
- PID 3536 identity_helper.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (23 IoCs)
Processes:
- PID 1924 msedge.exe (all 23 entries)
Suspicious use of FindShellTrayWindow (33 IoCs)
Processes:
- PID 1924 msedge.exe (all 33 entries)
Suspicious use of SendNotifyMessage (32 IoCs)
Processes:
- PID 1924 msedge.exe (all 32 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
- PID 1924 msedge.exe wrote to the memory of target msedge.exe processes 4656, 4116, 1384 and 3568 (64 entries in total, each target repeated several times)
Processes
PID 1924 (level 1): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getsolara.dev/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID 4656 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcff3546f8,0x7ffcff354708,0x7ffcff354718
PID 4116 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
PID 1384 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
PID 3568 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
PID 1224 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
PID 1596 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
PID 1356 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
PID 3536 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID 2964 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
PID 2372 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
PID 800 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
PID 3484 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
PID 1880 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
PID 2452 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
PID 3940 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3888 /prefetch:8
PID 5100 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
PID 1252 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
PID 4080 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
PID 2888 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
PID 3052 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
PID 2492 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
PID 5720 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
PID 6124 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
PID 1892 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
PID 828 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
PID 5712 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
PID 5884 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
PID 5984 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
PID 5156 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
PID 3212 (level 2): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4259238134002445497,678763756096832744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
PID 1256 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
PID 2472 (level 1): C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads