Resubmissions
09/11/2024, 22:22  241109-2aba5aspct  3

Analysis
- max time kernel: 107s
- max time network: 106s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 22:22

- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  Sample: http://solaraexecutor.com
  Resource: win10v2004-20241007-en

General
- Target: http://solaraexecutor.com
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                    Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (7 IoCs)
  pid   Process
  5000  msedge.exe            (2 entries)
  4508  msedge.exe            (3 entries)
  2004  identity_helper.exe   (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  pid   Process
  4508  msedge.exe            (all 20 entries)

Suspicious use of FindShellTrayWindow (64 IoCs)
  pid   Process
  4508  msedge.exe            (all 64 entries)

Suspicious use of SendNotifyMessage (64 IoCs)
  pid   Process
  4508  msedge.exe            (all 64 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                        pid   Process     procid_target
  PID 4508 wrote to memory of 2288   4508  msedge.exe  84   (2 entries)
  PID 4508 wrote to memory of 4968   4508  msedge.exe  85   (repeated entries)
  PID 4508 wrote to memory of 5000   4508  msedge.exe  86   (2 entries)
  PID 4508 wrote to memory of 1508   4508  msedge.exe  87   (repeated entries)
  The writer in all 64 entries is pid 4508 msedge.exe; the writes into 4968 and 1508 make up the remaining 60 entries.
Processes

PID 4508  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://solaraexecutor.com
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  PID 2288  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7fffa65946f8,0x7fffa6594708,0x7fffa6594718

  PID 4968  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2

  PID 5000  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 1508  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8

  PID 636   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

  PID 3412  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

  PID 2204  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

  PID 2132  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

  PID 2744  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1

  PID 3368  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

  PID 1960  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

  PID 1640  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8

  PID 2004  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 4588  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1

  PID 3848  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1

  PID 756   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

  PID 3212  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

  PID 2608  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

  PID 1712  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

  PID 3544  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

  PID 4264  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

  PID 2608  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1

  PID 3368  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

  PID 5104  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

  PID 5004  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

  PID 1496  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7151137483264057901,1117201164781218791,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

PID 432   C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3336  C:\Windows\System32\CompPkgSrv.exe -Embedding
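Every signature above is attributed to the browser process (pid 4508) or its own helpers, and the WriteProcessMemory rows all name targets that sit one level below 4508 in the process tree (the crashpad handler, GPU process, network service and storage service). Chromium's sandbox broker writes into a helper process it has just created as part of start-up, so the distinction a triager needs is "parent writing into its own freshly spawned Edge child" versus "write into an unrelated process". The BIOS SystemManufacturer/SystemProductName reads are likewise the classic VM-detection check, but here they come from msedge.exe, which reads hardware-model metadata itself, not from a dropped payload. The script below is an added example by the editor, not part of the sandbox report or its tooling: it rebuilds the parent/child relationships from the process list, buckets each WriteProcessMemory pair, and confirms that every flagged pid is an Edge binary. The PIDs, image paths and row text are copied from the report; the parent pids are inferred from the tree's nesting, and the row format, names and logic are assumptions of this example. The three signatures that stop at exactly 64 entries look like a display cap rather than a real count, so counts from those tables should not be compared across reports.

```python
"""Triage the sandbox signatures against the process tree (editor's example, not report code)."""
import re
from collections import defaultdict

EDGE_ROOT = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\"

# pid -> (parent pid, image path). Constructed from the report's process tree: depth-2
# entries are children of 4508; CompPkgSrv.exe is a separate top-level process.
PROCESSES = {
    4508: (None, EDGE_ROOT + "msedge.exe"),                        # browser process
    2288: (4508, EDGE_ROOT + "msedge.exe"),                        # --type=crashpad-handler
    4968: (4508, EDGE_ROOT + "msedge.exe"),                        # --type=gpu-process
    5000: (4508, EDGE_ROOT + "msedge.exe"),                        # network.mojom.NetworkService
    1508: (4508, EDGE_ROOT + "msedge.exe"),                        # storage.mojom.StorageService
    2004: (4508, EDGE_ROOT + "92.0.902.67\\identity_helper.exe"),  # WinrtAppIdService
    432:  (None, "C:\\Windows\\System32\\CompPkgSrv.exe"),         # unrelated top-level process
}

# One row per (writer, target) pair in the report's WriteProcessMemory table; the sandbox
# repeats each pair many times, which the triage below collapses.
WRITE_ROWS = """
PID 4508 wrote to memory of 2288 4508 msedge.exe 84
PID 4508 wrote to memory of 4968 4508 msedge.exe 85
PID 4508 wrote to memory of 5000 4508 msedge.exe 86
PID 4508 wrote to memory of 1508 4508 msedge.exe 87
"""
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")

# (pid, process) rows from the 'Suspicious behavior: EnumeratesProcesses' table.
ENUM_ROWS = [(5000, "msedge.exe"), (4508, "msedge.exe"), (2004, "identity_helper.exe")]


def parse_writes(text):
    """Return (writer_pid, target_pid, writer_image, procid_target) tuples, duplicates kept."""
    return [(int(w), int(t), img, int(pt)) for w, t, img, pt in ROW_RE.findall(text)]


def is_edge_binary(pid, procs=PROCESSES):
    """True when the pid's image lives under the Edge install directory."""
    _, image = procs.get(pid, (None, ""))
    return image.startswith(EDGE_ROOT)


def classify_write(writer, target, procs=PROCESSES):
    """'child-startup' when the target is a direct child of the writer and both are Edge
    binaries; 'cross-process' for anything else, which is the case that merits escalation."""
    parent, _ = procs.get(target, (None, ""))
    if parent == writer and is_edge_binary(writer, procs) and is_edge_binary(target, procs):
        return "child-startup"
    return "cross-process"


def triage_writes(text, procs=PROCESSES):
    """Bucket the WriteProcessMemory rows by classification, collapsing repeated pairs."""
    buckets = defaultdict(set)
    for writer, target, _image, _pt in parse_writes(text):
        buckets[classify_write(writer, target, procs)].add((writer, target))
    return dict(buckets)


def foreign_flagged(rows, procs=PROCESSES):
    """PIDs from a signature table whose image is not an Edge binary."""
    return sorted({pid for pid, _name in rows if not is_edge_binary(pid, procs)})


if __name__ == "__main__":
    print(triage_writes(WRITE_ROWS))   # every pair lands in 'child-startup'
    print(foreign_flagged(ENUM_ROWS))  # [] : each flagged pid is an Edge binary
```

Feed it the full tables and a process list from a different report, and any pair that lands in `cross-process` (a write into a process the writer did not spawn, or into a non-Edge image) is the one worth opening; for this run, every pair is the browser initialising its own helpers.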
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6960857d16aadfa79d36df8ebbf0e423
  SHA1: e1db43bd478274366621a8c6497e270d46c6ed4f
  SHA256: f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
  SHA512: 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

- Filesize: 152B
  MD5: f426165d1e5f7df1b7a3758c306cd4ae
  SHA1: 59ef728fbbb5c4197600f61daec48556fec651c1
  SHA256: b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
  SHA512: 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c1593d9-0711-4d3b-9037-d41129dc4553.tmp
  Filesize: 3KB
  MD5: 088f391809b778d179e9ff8e51938d67
  SHA1: 77ccadfd74dc4bb46bc400c973e073849cb534f9
  SHA256: 645b621fbb6fa53dcb1b5cb94b2305dde724f6fb57fbcbc48cdd330ca02875ff
  SHA512: 76b31139fad32352a09ad046192d37ab0b02dd014b4dd815350481b1a1a95e09150b18875de08706f95b7a9f053acaa4d59bc199d850ce97b5873404ec78ae43

- Filesize: 53KB
  MD5: ed3cfca69682bd5a1d5312ed6ab1b813
  SHA1: bad24553368edeb4163e4b7cc323d5fe8e3cc56c
  SHA256: d3ddd1a8c3ceb8c4427f818702eeecd3450ba77f39679fe4d89ce0d5fde5ce9e
  SHA512: 48030db6025eba766dd3e169172f77208d4eec9dd1e1795c0db2abf736cf7c4b0f0272cce83ead9feb99de9eb871351ec007476bb240af414417f8f3b28d8674

- Filesize: 144KB
  MD5: dd56af8618c81c3df88a0d6be61ab977
  SHA1: 90db67540e7543d84f72941e925cae0c3a2b813f
  SHA256: dc06e5de08e9d7ec1ef1704f310194599f919b6f86bdb3d364e01b7c9d4e8c3f
  SHA512: f6f1086a082ae6e869f75151c9f580848bfcc6d4b918fb5269aac4362f794fe4e1e5b12573a9453552356074184bffbffc1f5ef086f6a2bcb94bbd60c1fa353f

- Filesize: 59KB
  MD5: 8c9cb2a916bc8b2d9faf75b9d941c944
  SHA1: 8e5f460e9d827d4f3650d64188ea487be68c380a
  SHA256: 8fa7af3e2dccc7728e7ccc990f7a141042f5f15c6e610bab7e23607d6f023cb8
  SHA512: f0faa5d78d892066ec8745544effc6b03624e2e6434980a3ef823d53bd9b72ea79a2c9afdfc1df763fba9307c3753c79200b0646d8c96647f6d8ad5ef570fc0e

- Filesize: 68KB
  MD5: dee46781c0389eada0ac9faa177539b6
  SHA1: d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
  SHA256: 35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
  SHA512: 049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

- Filesize: 19KB
  MD5: 120487dc73cba74ba507e43d627cf23d
  SHA1: bb7e16f235da60fcf9c8cc2530049886d6f7f871
  SHA256: 3d7cfe80f6f4abe9aa76cbe82829991a5dd670b5adfce249fa0faa022597f7bb
  SHA512: 677495412adce43a8e5dd20b4b1a9254a93ebe7608ff27e62aa17f8f0048e2c53ffa041cccb08320ff814174dbbdb0a8193bdca512c65551d69688f85f205a32

- Filesize: 20KB
  MD5: ef8b09f2df1c04901dfd8f5e5f326633
  SHA1: 57c877f6c01f8f41aafd8a0e4b5a7444e3890d02
  SHA256: f3e517f718fdbfc155538067dd9550d19f9ca91fea4ae69330a5f2c638964bcf
  SHA512: c0334d4906be1620c68f9b6e74d5235d4bfec252582b6f00430ef5b8e484867848c7ccaad269d2e14adc35d603d3b6d028ddb6c2a2b98b2032c937b7d67dde6a

- Filesize: 52KB
  MD5: f72f9ba9fdd55d90bceead6aa2fb8f8e
  SHA1: 111aabe6e7fe2e5b44bc200148cebb6db00ef122
  SHA256: e21e804940530373d0e362fe341934d7fd292de3a546d79b0961a847a47d1e9f
  SHA512: 19699eec856dad8a26d0d36851518b4c1ec63b726e62b255dea4e681a60a7a1bfeedbb61fdbb7a62bee09d02b0ef47cb5f1e6d5d12b99423bbbe2137718da9b7

- Filesize: 21KB
  MD5: 54460939adee2ae735d8ac184402558d
  SHA1: e9b88020fc803bc449f95cb1221294ce00590367
  SHA256: 23b04b0b2a9bf4c2146efe04f0614aeb76fc0d62fa72adc436baed7a37cc0312
  SHA512: 0a994da0fcb85a1b519ce3c783dc3f7da047a7d66f00b377c3a87cc1e5948f6bf2000349b9cb43214363fe3072e78c9e778075db183dc8a1eff829b4cf4bf685

- Filesize: 35KB
  MD5: 7c702451150c376ff54a34249bceb819
  SHA1: 3ab4dc2f57c0fd141456c1cbe24f112adf3710e2
  SHA256: 77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583
  SHA512: 9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

- Filesize: 52KB
  MD5: 840b32d8dacdf8078e5fd40aeeb7beed
  SHA1: b774113fc175126903d05de1825fd3f573475b09
  SHA256: a94ac88764f70221792f7702665f759472655acd4ed3c4c7abe17fac44943b7e
  SHA512: 7331089e4da0f289c205604135acd84d80602c65bafa6044b200df3f08ba7b3c0ec4f7d00697b5a3a2e3824dbc10e514b09c2f09a1f671f6720f8cf26d1739c3

- Filesize: 47KB
  MD5: 015c126a3520c9a8f6a27979d0266e96
  SHA1: 2acf956561d44434a6d84204670cf849d3215d5f
  SHA256: 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
  SHA512: 02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

- Filesize: 93KB
  MD5: 3cbce08aaffa4c9b44fd6c929e6455d9
  SHA1: b76cc2653f095e09139bd2497ca0fd6e91c8af57
  SHA256: 9b83a72e09ad483c62a59745eb4a72164b9ac105f29d410bf8c8a795395c9d70
  SHA512: f78a058040a82f68716cda34f5b4d7124487c5e4bc1008abedf1b195620f29b95d3741b0e3b66eb0d1c9dcae6f33bebc7606cc0363e88eed3e4b1d00849ae157

- Filesize: 52KB
  MD5: b9fdf80f3cc87737bb1766932ee8b727
  SHA1: 514e082e5eb05c3730183f96bc9af2bb915a13e1
  SHA256: c3a572a12347f3ffc6f95dded31985e73d9796d661dff3e79b4c95846f4e5bf2
  SHA512: fc872b2b01482165c67e840aa862bd5d49c71c6dc29fdbdf64f27df85e7a988028202fe0d82794604a570a3ab056f0f2bd6b39afbb325b063a6aa4521d4a6584

- Filesize: 20KB
  MD5: 2abd079be1223e68fdd6f520afe8fab7
  SHA1: 0f52ef825e632aa99b80724e2fc419fe1413ff39
  SHA256: fc998bd9e644618ab3ece7ba644b58e43e6503e49b8ea2d19c6ee725c4676c75
  SHA512: 41d1bcc91961d70146f3434857c2265d2c1ec8cb81d388ddd187de5096e580bda69da20cf4ed56d72aac3d4e731f177b99daeec128e0ecd68dd37beedf4b3f70

- Filesize: 17KB
  MD5: 37fdfef8e4248012b0ce67b783535040
  SHA1: 5a894e91c713ec7b9754f8b3933a839cb2caa1cd
  SHA256: aac4fba2d2b62142ad900cc74f7947e3d2025155d7f4e6fe2d05b28835e03fe4
  SHA512: 96f2ea50ddd19358173853655616f823e31335d69311b00128ffbbe9822ccd57bbc85aad89d25f12d91007ab1b406e57f6f1e62df551af27c8581cfea0aaba6e

- Filesize: 32KB
  MD5: 0e53c87ab188681cc63b8ffa06f7b3d1
  SHA1: ce7a2b164213672fa68ffac326f68a76c5a0b142
  SHA256: 6402c1ebaa56a20216d89d398a6331fa0401d58f0ed19fb1d5d6930b2f3db54d
  SHA512: 34120ac71f47f6bf9ffbe34c939a3ba06dc1cb8eb4c9fa1a785c1daa1eda530071b53f69d2c859aa04908479ceee1f9e959b896d0278ad820bdceacca3591cfd

- Filesize: 241KB
  MD5: 7e9c9d1c23f974c3c2f2b6b69916f962
  SHA1: 63e7a060ddaf595cf08336aab10131e7e8887746
  SHA256: 31a6c24e4e1bf823645bb249feedb47920bcbfa90a37aa1c5ccde2a7e4384cda
  SHA512: af7b524d8ce246c5cc96a1bc36ae5dbd36cbcfe29f409d6eb161f29054e9ffb7fef432b1260a71e70dbb680178b664f4d8783ad679f931ffbb08dbc211c415f5

- Filesize: 328B
  MD5: 7efdb19c3c176cdcb870916fab5d2aa3
  SHA1: 0737db0cb05d458aec2a05a903db5044d1d2ec8a
  SHA256: 508ef833a2669bd6c604ec21efac7e38b52a451f2c8c936b963b35f79dc2b847
  SHA512: 0a8978d8119e0cbec2c7a87ba279da7205b7b13e0cd73b4b7df9d09243381c954e4e937e34ab7de20b92112a44474dab341f9d00ea3fd52ef6a88dfb4c45958d

- Filesize: 3KB
  MD5: c9dc6c954854c0b90b68c9fca5098463
  SHA1: 9bce8fa35b94d772fb5746d26cbf7aa41fa3a75f
  SHA256: 2bbdfbac0e0b05b09747fa8589de000cafa3252e95e01079c350038c18e172a2
  SHA512: 93d61721b798041ac8d4907b5badc25936d0875d0ba21208a0e2f0d6f5fde7b94ab2a10eab4817acfd39626731125fbacfa2fb2c8450eb90601dc85e1259e8b3

- Filesize: 55KB
  MD5: 693f8cfb6c7c41a480c54c0c803106ca
  SHA1: 60db845b9af1d70ee39cb7c3975b473fa5baa099
  SHA256: 992e06d19064846452c1a379d3bea779262121884daad9189737aa51dc923478
  SHA512: 10134757d9cd447e48da1a8402fa0d7fdf2cf49cc18df867d5dd537e44aab58504002d5dcf21fa0eddbe4e92e6dd48af7a0a7d6cfa1eac9d7cdbada59ca3a36b

- Filesize: 306B
  MD5: 7027a1dc572a950217ecbb9a799f3677
  SHA1: f46c356efe0ab99420159181ae3564cd11ba44a8
  SHA256: 496d99407951d1115cca7f8d3082300fd635451c724692ccc013cbe58411f185
  SHA512: 94e1b1537bd1c43dc2d2ad02eee4fed876fbe4e41f7706d69f7b529ecd650f2b97e874b081d52e6489f5201da3dee13233453522fe0e231ea618cb31bda9c627

- Filesize: 67KB
  MD5: 13cecdf910a32a8c6afd7b0df3fba394
  SHA1: 541a4cbc3ec0b389f0a12681a3df45c5bfe1ef17
  SHA256: 53c25ce2a957090e37a49b5cea8ef85c49c2fa89213d23960ac0be4468caf362
  SHA512: 67321068686370240c3cce0d19b32f3078b45ca925e5cb13daffcab86132d8162f15b87bddd074213e7e682a9801653fceb7d5d2a4451ab4942d6a74d6479211

- Filesize: 55KB
  MD5: e125a9cb672cafedef7915f53f4504fd
  SHA1: 609a01f739a8d8a3d7b65f7282e20902576507b1
  SHA256: a593aaca30c796a4b365d894aa143fbc8eafe902cc77e7c50c25c53b99418f47
  SHA512: dca479c74e7b22c035b3b82546cb86eee3db0684823ec40dd0a5c17a2398d843aa6762cea75af3f8fe3cbf9a012345937620ddf257544c2a568753a32daabcdf

- Filesize: 3KB
  MD5: 5ba375666e6c00ad4dd24ae4898b99f8
  SHA1: f776854d93aea1b42433f2e00f27daa8d8358dc1
  SHA256: 97dbc0e2c9da2c59791db9891c026f88ae1f88b27c41dbf1404283fc286df7cd
  SHA512: 0e04a48017eaefec8a418e9e188bdf25fbac3a3fe60206dc8782fdd1ff8f162a2d8f2187697ad60f68a0bab4b091cc452ede9ec4aab8d1e648c21cdd512d4f13

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 816B
  MD5: 08e1651b77100db4815ad43a99593697
  SHA1: f2fd396489caaca519282d96ea8e5379c6c33de4
  SHA256: a5f49394e58c5a995aa57411c9193f1e3ab661c0fa8d2bb5ac31b77095b0f60b
  SHA512: fa277f62cb2327fbff23938836546f2f0673cbc3b7c2e0387d0aeea6df116dd28cfead0c6db74ffbb810f21fe50a543bd144df160e37dc25164a6292b5fde34d

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 816B
  MD5: 3a24cf3eeb08f5eb88f1446249128616
  SHA1: 1769f75e80e7ab90a4d3d82257ac0a9df894b880
  SHA256: 1a636b33d6ed540f6eee043b6a9901eb84f4df98e5d92fd58b983cfe3e55c6c2
  SHA512: c3998eee77ee6a8cf10786a13f3b236fe87e6ced840b2f6f8b41b684d2393fb9cba8a40e55742fb6559d9355cbe5f5de3de07ebeaca1ac614159d1926a25215e

- Filesize: 7KB
  MD5: 7e2a84ff53d766ef7410f152db14f9e4
  SHA1: 21b2eba7aa63985121ca9c943bde3df3c3bc903b
  SHA256: a0f1ff68104aaf99ffdff574202bbd3517a3661c69f8762fc5c6e9a27a98dd8a
  SHA512: 0cabd6c4a8000f21b2ff69a583ba1ff9358e3ac35d3f4d1f9edec505e9dd589658333d30adb5e4f737c9ccf942b791f0d04d387bb5b69cdc032dde16085fa9f9

- Filesize: 8KB
  MD5: 9a2cd51ed822e89fb5bff15e352f2ed5
  SHA1: 8377376e06501a50f4b33cc7aeb99271cf018632
  SHA256: c90bb396a2af0e8ffe33700622067b6bbe53c39e6a560c1b142565e72bdbdcea
  SHA512: f1051e36fc251017fb17540e6cdf89c41536736fd57af644f2e5c5fc855e4e0f69eda520e97899600d3b05f2a3e1a2681956c86d2ef31bed5b964d94e1e67103

- Filesize: 5KB
  MD5: b05375f8583c2fab9652800fdcf6c94d
  SHA1: 55490d0787e4b7924b7db73256da011d93882222
  SHA256: 3387af86629f88f9ac062b9084c2e6c8aeacdbece9d44fbc4c3038e1946110dc
  SHA512: 4165e182af75f7e0ee2045d983a74e2ef6bdb232c50e708a483f7fa6d58bd315133d628135f1b7111504b90a298bb016fa7c247b060f0301e3a0fa7f8b3f7dbe

- Filesize: 7KB
  MD5: 9b112dc7fa0e978b25c0ecce502d1120
  SHA1: 2eb377eca2c39c3fac6aa4cbd10b83cfa6a0ef2f
  SHA256: a031da258843af4deb74dd60fa2e80418e6295f36a975a0b0253f572ab506523
  SHA512: 0f01b638c32c215c57139754e0131c05a827070bfd0e0f14bca5a25f5d067208249550410b4927a646d7302e187ea5cab1499856272400afa5129098ddefb8e7

- Filesize: 7KB
  MD5: c3ec3f7db78f7a150117d4a743cbe5ef
  SHA1: 70999d4a37dbc4291c28e235d3f168f0ead8087c
  SHA256: 7259ec84ab0a2eee4310e4be12706894912a3f63e961e10ef8e2b78613aac550
  SHA512: 1f43f6e2f2e57eece9bbf107b55578b644375edee925f902b7a315f617b0f3c284b67efea65745bf8398377bbc51fe9589fd00396ff310a5ace0375a0ed37c1c

- Filesize: 204B
  MD5: da72d907e32472fa22d2de9d4f770eb0
  SHA1: 4907282a9a7788d8b85ecb44dc007fc604abe3ee
  SHA256: 923e1842307287fed20eeb9ecb757c28854f74b7005fa57d248a8765d1b4d97d
  SHA512: bc17182d97605877d79bfee503521cbf62d6e88c841b1f31e614271adf692e6f7cdf5adba266a60ad7ee527450b891aaf256051cdabceca7cc23ff446565def6

- Filesize: 204B
  MD5: fd5352e30c7e342551413846dc10368d
  SHA1: ffe8bcf67af3c9c919b36db1f9e3441cd52b7e39
  SHA256: d904032ce7547f8db5fe41a2632cbedee1e0d4e592fa297d132d9f18e7124f81
  SHA512: 64c5b6951fa2ce3784de8a81cf6e76603e08eeeeee4a0d8942f29016e14444b73a362c7071c354d4b38e5ea3baa9965203b5d2918a16cc5deddc658f7ff52ed3

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a5f259af-612a-465d-b725-d2ebe726d746.tmp
  Filesize: 7KB
  MD5: 9f8e66e2faaabceec3780fb6da52fcae
  SHA1: 383aa0d51ba38d8f50f1f94d27643a2eedec1215
  SHA256: adacc3113bb39742f4af1498f3d35108c7aa8cddfc9dd62829f5000d12615fb3
  SHA512: 0d1d61c3b267f8af7349db5838f02d309431bc6cfe29a864d36eb4497ec5a6b006d2a312e69f01a5856354a1c09ad1ee3de0bd988a30e66e47a08fccfbabcd57

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 10KB
  MD5: 02cf56c5091f8cf82aabc3a2ca375dfd
  SHA1: c7cfed716cb7fbbd3d6a60fa281cafd88fc41598
  SHA256: 0941ea2f758393795738b92690d9d852ff4dfd7090b3552622c870c55aefc2c3
  SHA512: 8363908cba3e573abd476da7df9ee4d3cc758413ab3b3cb020868f587852aab8d8038b9cba1f448c3fc1cbe13004c9bcd173d595e1957b2e1a2a516bd0c0a734
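The only entries above that carry a path sit inside the Edge profile (two .tmp files under User Data\Default and the Code Cache index), so they are files the browser wrote for itself rather than content fetched from the target; the entries without a path cannot be attributed from this page at all. Before any of these digests go into a blocklist they need to be pulled out of the flattened form the sandbox prints (label fused to the digest, a bare "Filesize" line followed by the size) and sanity-checked. The parser below is an added example by the editor, not code from the report or the sandbox: it accepts both the raw fused form and a "Label: value" form, rejects a digest of the wrong length, flags profile artifacts, and matches a local file's SHA256 against the list. SAMPLE holds two records copied verbatim from the report; the regexes, class and function names are this example's own.

```python
"""Normalise a sandbox 'Downloads' hash list into IoC records (editor's example, not report code)."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Optional

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABEL_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9a-fA-F]+)$")
SIZE_RE = re.compile(r"^Filesize:?\s*(\d+)\s*([KMG]?B)$")

# Two records copied from the report, in the raw form the sandbox emits.
SAMPLE = r"""
-
Filesize
152B
MD56960857d16aadfa79d36df8ebbf0e423
SHA1e1db43bd478274366621a8c6497e270d46c6ed4f
SHA256f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
SHA5126deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize816B
MD508e1651b77100db4815ad43a99593697
SHA1f2fd396489caaca519282d96ea8e5379c6c33de4
SHA256a5f49394e58c5a995aa57411c9193f1e3ab661c0fa8d2bb5ac31b77095b0f60b
SHA512fa277f62cb2327fbff23938836546f2f0673cbc3b7c2e0387d0aeea6df116dd28cfead0c6db74ffbb810f21fe50a543bd144df160e37dc25164a6292b5fde34d
"""


@dataclass
class Dropped:
    path: Optional[str] = None
    size: Optional[str] = None
    digests: dict = field(default_factory=dict)


def parse_downloads(text):
    """Split records at '-' separators (or '- ' bullets); raise on a digest of the wrong length."""
    records, cur, want_size = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "-" or line.startswith("- "):
            if cur is not None and cur.digests:
                records.append(cur)
            cur, want_size = Dropped(), False
            line = line[1:].strip()  # a bullet may carry the first field on the same line
        if cur is None or not line:
            continue
        if want_size:  # size printed on the line after a bare 'Filesize'
            cur.size, want_size = line, False
            continue
        if line in ("Filesize", "Filesize:"):
            want_size = True
            continue
        m = SIZE_RE.match(line)
        if m:
            cur.size = m.group(1) + m.group(2)
            continue
        m = LABEL_RE.match(line)
        if m:
            algo, hexval = m.group(1), m.group(2).lower()
            if len(hexval) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} has {len(hexval)} hex chars, expected {DIGEST_LEN[algo]}")
            cur.digests[algo] = hexval
            continue
        cur.path = line  # anything else is the on-disk path the sandbox recorded
    if cur is not None and cur.digests:
        records.append(cur)
    return records


def profile_artifact(rec):
    """True when the recorded path is inside the Edge profile, i.e. written by the browser itself."""
    return rec.path is not None and "\\Microsoft\\Edge\\User Data\\" in rec.path


def match_bytes(data, records):
    """Records whose SHA256 equals the digest of data (a local file read into memory)."""
    digest = hashlib.sha256(data).hexdigest()
    return [r for r in records if r.digests.get("SHA256") == digest]


if __name__ == "__main__":
    for rec in parse_downloads(SAMPLE):
        print(rec.size, rec.digests["SHA256"], "profile artifact" if profile_artifact(rec) else "no path")
```

The KB sizes the sandbox prints are rounded, so the parser keeps them as labels and never compares them to a real file length; SHA256 is the field worth matching on, and anything `profile_artifact` flags should be dropped from an IoC set because its hash will change on every browser session.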