Analysis

max time kernel: 149s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-08-2024 03:37

Tasks
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: http://getsolara.dev
  Resource: win10v2004-20240802-en

General
Target: http://getsolara.dev
Malware Config
Signatures

Downloads MZ/PE file

Looks up external IP address via web service (2 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
  flow | ioc
  127  | api.ipify.org
  130  | api.ipify.org

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                   | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
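The two signatures above (external-IP lookup and BIOS make/model enumeration) are individually weak, since a browser performs both in the course of normal use, but a non-browser process doing both within a short window is worth an alert. The following is an added example of that correlation, not part of the original report or of any sandbox vendor's rules. The events are a constructed, simplified rendering of Sysmon-style registry and DNS records shaped after the IoCs on this page: the BIOS reads are attributed to msedge.exe as the page shows, but the page does not say which process performed the api.ipify.org lookups, so that attribution, all timestamps, and the non-browser rows (PID 7120, PID 4411) are assumptions made for the example.

```python
"""Correlate BIOS-identity registry reads with external-IP lookups per process.

Added example; not from the original report. EVENTS is constructed (see the
comments): only the msedge.exe BIOS reads and the api.ipify.org hostname come
from the page, everything else is assumed for illustration.
"""
from datetime import datetime

BIOS_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com",
                   "checkip.amazonaws.com", "ipinfo.io"}
BROWSER_IMAGES = {"msedge.exe", "chrome.exe", "firefox.exe"}
HW, IP = "hw_fingerprint", "external_ip_lookup"


def T(hhmmss):
    """Timestamp helper; the date is the submission date on this page."""
    return datetime.fromisoformat("2024-08-25T" + hhmmss)


# Constructed events. "registry" ~ Sysmon key-value read, "dns" ~ Sysmon DNS query.
EVENTS = [
    {"ts": T("03:38:01"), "pid": 3032, "image": "msedge.exe", "kind": "registry",
     "target": BIOS_KEY + r"\SystemManufacturer"},                     # on the page
    {"ts": T("03:38:01"), "pid": 3032, "image": "msedge.exe", "kind": "registry",
     "target": BIOS_KEY + r"\SystemProductName"},                      # on the page
    {"ts": T("03:38:40"), "pid": 3032, "image": "msedge.exe", "kind": "dns",
     "target": "getsolara.dev"},                                       # assumed
    {"ts": T("03:38:41"), "pid": 3032, "image": "msedge.exe", "kind": "dns",
     "target": "api.ipify.org"},                                       # process attribution assumed
    # Hypothetical non-browser process doing the same pair one second apart.
    {"ts": T("03:39:05"), "pid": 7120, "image": "updater.exe", "kind": "registry",
     "target": BIOS_KEY + r"\SystemManufacturer"},
    {"ts": T("03:39:06"), "pid": 7120, "image": "updater.exe", "kind": "dns",
     "target": "api.ipify.org"},
    # Hypothetical inventory tool: BIOS read with no external-IP lookup, so no alert.
    {"ts": T("03:39:30"), "pid": 4411, "image": "inventory.exe", "kind": "registry",
     "target": BIOS_KEY + r"\SystemProductName"},
]


def technique(ev):
    """Map one event to a technique label, or None when it is not of interest."""
    if ev["kind"] == "registry" and ev["target"].upper().startswith(BIOS_KEY.upper()):
        return HW
    if ev["kind"] == "dns" and ev["target"].lower() in IP_LOOKUP_HOSTS:
        return IP
    return None


def per_process(events):
    """{pid: {"image": image, "hits": {label: [timestamps]}}} for labelled events."""
    out = {}
    for ev in events:
        label = technique(ev)
        if label is None:
            continue
        entry = out.setdefault(ev["pid"], {"image": ev["image"], "hits": {}})
        entry["hits"].setdefault(label, []).append(ev["ts"])
    return out


def alerts(events, window_s=300):
    """Processes that read the BIOS identity keys and resolved an external-IP
    service within window_s seconds of each other, sorted by severity.

    Browsers are downgraded to 'info': a Chromium-based browser reads these two
    BIOS values itself (hardware make/model for metrics and crash reports), and
    any page it renders can trigger the DNS lookup.
    """
    found = []
    for pid, entry in per_process(events).items():
        hw = entry["hits"].get(HW, [])
        ip = entry["hits"].get(IP, [])
        close = any(abs((a - b).total_seconds()) <= window_s for a in hw for b in ip)
        if close:
            sev = "info" if entry["image"].lower() in BROWSER_IMAGES else "alert"
            found.append((sev, pid, entry["image"], sorted(entry["hits"])))
    return sorted(found)


if __name__ == "__main__":
    for sev, pid, image, labels in alerts(EVENTS):
        print(f"[{sev}] pid={pid} {image}: {', '.join(labels)}")
```

With these inputs the browser pair lands as "info" and the hypothetical updater.exe as "alert"; tightening the window to ten seconds drops the browser entirely, because its BIOS reads happen at startup and the lookup only when a page asks for it.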
Modifies registry class (1 IoC)
  description | ioc                                                                                                                                                                          | process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{BEE9EDA5-832B-4B17-A9BA-B8DDF9A220DD} | msedge.exe

NTFS ADS (1 IoC)
  description                  | ioc                                                                 | process
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 346638.crdownload:SmartScreen | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid  | process             | count
  3028 | msedge.exe          | 2
  3032 | msedge.exe          | 2
  4516 | identity_helper.exe | 2
  6072 | msedge.exe          | 2
  5980 | msedge.exe          | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (19 IoCs)
  pid  | process    | count
  3032 | msedge.exe | 19

Suspicious use of FindShellTrayWindow (32 IoCs)
  pid  | process    | count
  3032 | msedge.exe | 32

Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | process    | count
  3032 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs)
  Every entry is PID 3032 (msedge.exe) writing into one of its own child processes listed in the process tree below.
  source pid | target pid | source process | target process | count
  3032       | 1868       | msedge.exe     | msedge.exe     | 2
  3032       | 3820       | msedge.exe     | msedge.exe     | 40
  3032       | 3028       | msedge.exe     | msedge.exe     | 2
  3032       | 1788       | msedge.exe     | msedge.exe     | 20
Processes

PID 3032 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev
  Signatures:
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 3032:

  PID 1868 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb062446f8,0x7ffb06244708,0x7ffb06244718

  PID 3820 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

  PID 3028 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 1788 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

  PID 4556 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  PID 2448 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  PID 4980 - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8

  PID 4516 - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  PID 4840 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

  PID 1420 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

  PID 1600 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

  PID 2448 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1

  PID 1252 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

  PID 5396 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

  PID 5524 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

  PID 5960 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

  PID 6064 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5548 /prefetch:8

  PID 6072 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
    Signatures:
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  PID 2096 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5452 /prefetch:8

  PID 5792 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

  PID 5872 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1

  PID 4004 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

  PID 4544 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1

  PID 4112 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6724 /prefetch:8

  PID 2212 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

  PID 760 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1

  PID 5300 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1

  PID 5692 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

  PID 5664 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1

  PID 5980 - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8897522075653214261,17219933104121121597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

PID 2100 - C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2520 - C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
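Every "suspicious" hit on this page comes from PID 3032 or its children, and the WriteProcessMemory targets (1868, 3820, 3028, 1788) are the crashpad handler, GPU process, network service and storage service that the browser itself launches, which is how a Chromium sandbox broker sets up its child processes. The script below is an added example of turning that reasoning into a repeatable check; it is not part of the original report or of any sandbox vendor's tooling. PROCESSES and WRITES are constructed from the command lines and the "PID 3032 wrote to memory of ..." rows on this page (command lines shortened to the flags the triage needs), and PID 9999 is a hypothetical row that is not on the page, added only to show what a flagged entry looks like.

```python
"""Triage a Chromium/Edge process tree from sandbox output.

Added example; not from the original report. A child is "expected" when it
is an Edge image with a --type the browser launches itself; a process that
the browser broker wrote into but that is not such an image is flagged.
"""
import re
from collections import Counter

TOKEN = re.compile(r'"[^"]*"|\S+')      # one quoted token or one bare token
BROWSER_CHILD_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}
EDGE_DIR = "c:\\program files (x86)\\microsoft\\edge\\application\\"

# pid -> command line, constructed from the process list on this page.
PROCESSES = {
    3032: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getsolara.dev',
    1868: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    3820: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2156 /prefetch:2',
    3028: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3',
    1788: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8',
    4556: r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 /prefetch:1',
    4516: r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8',
    2100: r"C:\Windows\System32\CompPkgSrv.exe -Embedding",
    9999: r"C:\Users\Admin\AppData\Local\Temp\dropper.exe",   # hypothetical, not on the page
}

# (source pid, target pid) pairs; the counts follow the 64 WriteProcessMemory IoCs.
WRITES = [(3032, 1868)] * 2 + [(3032, 3820)] * 40 + [(3032, 3028)] * 2 + [(3032, 1788)] * 20
WRITES += [(3032, 9999)]                                         # hypothetical, not on the page


def parse_cmdline(cmdline):
    """Split a Windows command line into (image path, {flag: value}) for --flag tokens."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    flags = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value               # a repeated flag keeps its last value
    return tokens[0], flags


def in_edge_dir(image):
    return image.lower().startswith(EDGE_DIR)


def triage(processes, writes):
    """Return {pid: verdict}; verdicts starting with 'UNEXPECTED' need a look."""
    parsed = {pid: parse_cmdline(cl) for pid, cl in processes.items()}
    # The broker is the Edge image launched without a --type.
    brokers = {pid for pid, (img, fl) in parsed.items() if in_edge_dir(img) and "type" not in fl}
    writers = {}
    for src, dst in writes:
        writers.setdefault(dst, set()).add(src)
    verdicts = {}
    for pid, (image, flags) in parsed.items():
        role = flags.get("type")
        if pid in brokers:
            verdicts[pid] = "browser broker"
        elif in_edge_dir(image) and role in BROWSER_CHILD_TYPES:
            sub = flags.get("utility-sub-type")
            verdicts[pid] = "expected child: " + (f"{role}/{sub}" if sub else role)
        elif writers.get(pid, set()) & brokers:
            verdicts[pid] = f"UNEXPECTED: broker wrote into non-browser image {image}"
        elif in_edge_dir(image):
            verdicts[pid] = f"UNEXPECTED: Edge image with unknown --type={role!r}"
        else:
            verdicts[pid] = "outside the browser tree"
    return verdicts


def write_counts(writes):
    """Writes per target pid, e.g. {3820: 40, ...}."""
    return Counter(dst for _, dst in writes)


def flagged(processes, writes):
    """Sorted pids whose verdict is UNEXPECTED."""
    return sorted(pid for pid, v in triage(processes, writes).items() if v.startswith("UNEXPECTED"))


if __name__ == "__main__":
    counts = write_counts(WRITES)
    for pid, verdict in sorted(triage(PROCESSES, WRITES).items()):
        print(f"{pid:5d}  writes_from_broker={counts.get(pid, 0):2d}  {verdict}")
```

On the rows taken from this page every target of the 64 writes resolves to an expected Edge child and CompPkgSrv.exe sits outside the tree; only the hypothetical Temp-directory row is flagged. The check keys on the image path and the `--type` flag because the report gives no parent PIDs, so the WriteProcessMemory edges stand in for the launch relationship.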
Network
MITRE ATT&CK Enterprise v15
Downloads

1. Filesize: 152B
   MD5:    eeaa8087eba2f63f31e599f6a7b46ef4
   SHA1:   f639519deee0766a39cfe258d2ac48e3a9d5ac03
   SHA256: 50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9
   SHA512: eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

2. Filesize: 152B
   MD5:    b9569e123772ae290f9bac07e0d31748
   SHA1:   5806ed9b301d4178a959b26d7b7ccf2c0abc6741
   SHA256: 20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b
   SHA512: cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

3. C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
   Filesize: 816B
   MD5:    282932bbdf665b27b92ff37ac6af7eac
   SHA1:   e821af5b28cbaa7f619708fe9cae4f4de74fa215
   SHA256: 2bbc230d565187005d3fa324a5efed1c4cbb6f6aa3bffa176625a76b7140306d
   SHA512: a08d01aad63720b286165f77405467d42e0ad40b879476b97ac4603734e2f7b2cc79b4f77706cd5d35d290f4627929197c33eb696185762766b2a1cc4c92b148

4. Filesize: 4KB
   MD5:    38dd847c8dbb6385b90bb80d4b11859d
   SHA1:   35e39cfa5398dbac2ef4cad4422e58ed13e69600
   SHA256: 32701bca486177313ccad088ec7ca5721eb8e9621c21f20c63841e1d3cc024e6
   SHA512: dc05a5c4f1bc7925ba4093e808b33415c4795927e8e48aedcbaf196d51b2f5da791d4ebcd172b27ed62db09c594fba34b165bc4c884ee703dec086c96db27529

5. Filesize: 5KB
   MD5:    02c9d59683b61102c6ed6cb17bbfb41f
   SHA1:   f575a5140a0b5c581fd41da1b80533de2c9b0149
   SHA256: 16b7a9335b855b360122c7032f21e4b1f1a57c95fd7425345f00757a369abc3e
   SHA512: 2081d54c6b8140ad76bd5e4c432c276148f8a2659444d9947b69ea36df08e664bbcdedb0c114ecfb38189a1a21e820eeeb7a80edfa9742ba03ee59e07a32ddec

6. Filesize: 6KB
   MD5:    6ac25cc8df6cf17fb92b4a7829819c51
   SHA1:   9d9f0cee8600bb79a95deacb38c05b8b413f16ea
   SHA256: 5846d452607554cd8818279add519bcbcf0342088776659c6e16bef64235f204
   SHA512: a7180c14d3f0db1813b495b336bafbabd4958b011cea775721ecbebcdf562ac9147cf4a1ae543cd88b9ba2d8720bc6a970b83b4c7e8d122651f0c6e291be1681

7. Filesize: 8KB
   MD5:    cf43d2748e7db379d6113d72e280a894
   SHA1:   b0b34d249e5b8f36e8c15dae935c91f28a44adc7
   SHA256: e1d035f57d91478879a95c06f1dbb7e0b2862904c4ebfafd41d6c8dd4c063e33
   SHA512: 8b7c5dd7f8c367186eeaeddb70e204e18706e98d97ba55e32ef3fba9dad895bc0ae89d0f68ac998ba2294169c34986509df0ebc52f62a8f6b190cef3f6c5c880

8. Filesize: 8KB
   MD5:    1dc77ff1d184f5ef90c4231f5b7f3a3c
   SHA1:   29223e47535a2a5b7ae581647dfeaebd78cd018e
   SHA256: d46973262f5137b1ba5c22167e94c9c91d1559e11718019b25e7c3f3a33c1060
   SHA512: fe7ce5005273ead5bec56f4daa42cde501e674af8790db48087fea03192cdb40be4c181299a531e3bc566eec73e8ff0dc02de03a52f75016170abbdf6746574b

9. Filesize: 8KB
   MD5:    7eee3bb23cef4a0b88986a0d4b9bf39b
   SHA1:   63e7af663d7e9b637e5c63dcf63b72414181c8cc
   SHA256: cee4734ecfae1f822cfe16ddaa72b078ba6f45c9b5f659330244526ea2923e47
   SHA512: 71f2b062d845e2340879e411b7693568eb50ca415c72d528410d05a720ae2a052b7f50e80c88988e0bf4e617b564cc6d67373964532b202c875f03275b3399b3

10. Filesize: 1KB
    MD5:    8051ee6e36d72fe76761f35edc83e493
    SHA1:   86134e29eb1f1759844364573ba59552690aa98f
    SHA256: 1d64919b852a093c25eee22b866e4cd859a20d5192a2aadb508a79443308710f
    SHA512: a274a7e1d66e00dd73cc34bc274558eb70e98507f23c2f58e95202df5c86a9f1a6ff29b0fa7615deb9c88f6f5ca51520b18fb64a3fde0098b55b0e76b51e21ec

11. Filesize: 1KB
    MD5:    0af12cacf608158bb7605b6c739ddb8d
    SHA1:   835fdfe0ae16b0cf9c5d13efdb2260b176a09619
    SHA256: 7dd5fcd3fc99e101cddb0342ea7b26e216a69d9e571431410bb1881f334fb587
    SHA512: 922027e8260fd7e745f0728fa8fbe0358003163c67bdaa3f0fa394f000a5d661586849b50d86ce49dba6d500f7fde25c3c5704fef2c7c64e9fe4cfc9f13b19c3

12. Filesize: 37B
    MD5:    661760f65468e15dd28c1fd21fb55e6d
    SHA1:   207638003735c9b113b1f47bb043cdcdbf4b0b5f
    SHA256: 0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e
    SHA512: 6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

13. Filesize: 16B
    MD5:    6752a1d65b201c13b62ea44016eb221f
    SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

14. Filesize: 11KB
    MD5:    1cbd44fb9be9b140cfb974eec3de9857
    SHA1:   575094a8b5ddf634f3a10be790c9c641229bc059
    SHA256: e28f374742ccda512a0fcf76131258179070463f09e49a9d9490ae409674f39c
    SHA512: bd8ba56198f5d694021de8fe049090c5a5ead63a2aa955e7fcf0d1c5914d3f9902e8db5828e1451de63da41cde28f861ba75e4850786a4e49e7a364f511ea6b0

15. Filesize: 2B
    MD5:    f3b25701fe362ec84616a93a45ce9998
    SHA1:   d62636d8caec13f04e28442a0a6fa1afeb024bbb
    SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
    SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

16. Filesize: 796KB
    MD5:    4b94b989b0fe7bec6311153b309dfe81
    SHA1:   bb50a4bb8a66f0105c5b74f32cd114c672010b22
    SHA256: 7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
    SHA512: fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d

17. Filesize: not given on the page; the four digests below are those of zero-length input, i.e. an empty file
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e