hxxps://github[.]com/Haxhom/malware-leaks/raw/refs/heads/main/solaris%20(1)[.]exe

Analysis

max time kernel
65s
max time network
67s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-12-2024 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Haxhom/malware-leaks/raw/refs/heads/main/solaris%20(1).exe

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1636	solaris (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
14	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\solaris (1).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	solaris (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 918146.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\solaris (1).exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5236	msedge.exe
5236	msedge.exe
5192	msedge.exe
5192	msedge.exe
1448	identity_helper.exe
1448	identity_helper.exe
6072	msedge.exe
6072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	436	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5236 wrote to memory of 3560	5236	msedge.exe	77
PID 5236 wrote to memory of 3560	5236	msedge.exe	77
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 4980	5236	msedge.exe	78
PID 5236 wrote to memory of 5948	5236	msedge.exe	79
PID 5236 wrote to memory of 5948	5236	msedge.exe	79
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80
PID 5236 wrote to memory of 6076	5236	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Haxhom/malware-leaks/raw/refs/heads/main/solaris%20(1).exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9eb293cb8,0x7ff9eb293cc8,0x7ff9eb293cd8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6072
- C:\Users\Admin\Downloads\solaris (1).exe
  "C:\Users\Admin\Downloads\solaris (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
    3⤵
    PID:900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9eb293cb8,0x7ff9eb293cc8,0x7ff9eb293cd8
      4⤵
      PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,162407999212491555,14246146603980994130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
234KB

MD5
093afc38e605c0adf9d83d626fc28d6f

SHA1
aff014a09a31891adfbafafadb4a20b83c6265a0

SHA256
a2d0d23254f999e7c447126d937e9cc61f917dd866b815faa78c3a1b49c5581d

SHA512
bc3a1673c46e1d25d8b392a73034efb70c69699681b4df40e2bb39b7bcc146a44ae27d26d05eb7e77543fa04a525aca4adce2c87d045ea9f2865e9ef2b24531f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
49KB

MD5
5b342864b1b7ad05bcb10743edd96dfd

SHA1
6c479e75edcd274ca22e16a7cebd8d9a5ed50970

SHA256
9caa79e893c63b2e33bdf767994e621989fa5244e53ccf12556a011e6498850f

SHA512
564c0e0ea8cb23b2c0b81e2ef6b42d07cb9e56f2613788ee8e5c3c7b579293845b8c2f65b417e8238eaad7f4b03a99ed95da5b1892df39e3b04fbe8e7dc69200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
28829f3aae07fc174d7adf5032976edb

SHA1
19e03402daab67ac635b7aea6cc02c599de524bf

SHA256
d028d84002cfd55328e1803757e0e31c9b39c8463501ef93b8e6b2a7649d65e0

SHA512
8689cfc1a4ee622dcea1a7bff948204327873522a2b6013a7791e6a6985f4271f9b36b963dbac7e6c6a7e86c9ddece67fbc4a697c51f38bd75251bf04d0da8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c8142d5cff4dacac293e2d32ef35316

SHA1
051f5da309854f5c5821cc7ff0231fd07012f92c

SHA256
5b05afc50f9739d5bf1f7bbb0e1e7ddc5a87ddc94b34c73d1ac43a4abe02ff09

SHA512
1adf4e31860d8afb680fe4c6e5931440cb02812d194ccd1720e630642f1ba9c2fc44879cd3eb7af0df636c010fbd214f276f3dbf82f66fb2e008376587eb3454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b707a011700a370a919dd09c019a15c7

SHA1
0d56f3e6fa26be5aefb155b579f54ec202909ee3

SHA256
51c3fdc9648f6ad7cb5b5ee3676306563b6a2a1b298cacad88a02fc1f48f1272

SHA512
7c3ac6b55dd10801ca8e2b277e00245d68dfe49dbfbc86b913ffa41dc5becbd4b72fc0c55d1c11d376a16aac14656b2983d1d2bf701abed68f264326641b4827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d69d98ee9cec1f910d0f8da6b849a7b3

SHA1
9994decd5266ae6661fcd4f431c3cb0aeeb128d3

SHA256
e4f49ba1225bf44bf995d024bbd25ac0c4e6fd5d0aa720dbdeec4b4aaa4e8bfd

SHA512
599618d473cacbfa05a35cfa7f9b81729ab8d560fd7ac7a8ccffd616d1a973fa8a26c5c02b4eeb84466bd8f8b4f170b62e75bb9521a9419edac47ce8bb04e1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0824a3b8877a3af4cc8de38c183e579d

SHA1
ac0071e278068f5bf864297a72a3e37ce23b2305

SHA256
ac728e43936b99ca6f390e8b2979e0f91321aa1618cd441ff538dc9938aaaf9d

SHA512
e53bedf3528b7671c985451afc29fa85eb1934416b2241b7f34dd0245878733e8143228568f2bcfb857eccdc0f61e9ea7663e76c118558fc66ddd5051ac1a04a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
557d61188cf9648ca4e24873b3cf1b7b

SHA1
5ac815bf7e2d06a1dadbb1ef5d1cf2c5cf096c69

SHA256
3c5271baa24e97d383732d11a31770110972d461f02f5a904af24ddf4b3770d4

SHA512
3bf89680e8595e69917d970a51f95f4d7e869cf6ff71cfde7e9d69597c19d6e73bfff48411b0c1c72cb3a26efd7bff45d04c99c897aadbc496929653b589dced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d7f7dd8-ee30-46e7-9170-b4c29f6c9d2e\index-dir\the-real-index

Filesize
2KB

MD5
2f764540e3f537b948c774a8d425694b

SHA1
7b69a05b0fc43a0b8e0e2f5959a2c533f32e81c5

SHA256
9129f3333345cae1bf4322f35a1c32f8ef15edfbf1adca5c4e99c5114a82393e

SHA512
2a8b9efe131312c69dfd1d4fa4746811129687aa5f6e6aeb5da2b6a859adb76865cf1c3debce997c036887fd5aef842ac3a9f0a54453ab146b8745cda3829092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6d7f7dd8-ee30-46e7-9170-b4c29f6c9d2e\index-dir\the-real-index~RFe57ff8e.TMP

Filesize
48B

MD5
b2d2dec2cdc32c04b84e847d3284e0f7

SHA1
f65c084ac0c1691113f037170ee4b7bb78fadd5d

SHA256
e66c99f5f87c6ef2219e33dc8647ad182dc2b491fb3ad17d81bc2fa4256a6b32

SHA512
46c1116417bc076b78e99fed1925e12155fb8cafbb4a168cdf0f9ea692e9eb9e83e78b42a75d729d80de2ecda150aec6d397c1327d7b6546892b3a0c251015e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7cd783c4-4f8d-429c-b601-65e7e98709c8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bd5dfa6f-c4b0-4ac2-a648-5212a0fd45cf\index-dir\the-real-index

Filesize
624B

MD5
306c5b5a63344892594ceea816bcce2e

SHA1
90dbc53b0003e5170ae94f2a44288dc3b2b87ee1

SHA256
04b6b499823aa5d05062adb3535a1bef7ac015093777ca2237b5a42fddd4f15e

SHA512
cc45caf2a9a04e8c69e032ab56700c2a69576324768de0e150fe3000e5a09f590ce1f5fac1c6dd21eafbba01fab93a928eca02fe11f4bf0a0cb3dc4cf98504d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bd5dfa6f-c4b0-4ac2-a648-5212a0fd45cf\index-dir\the-real-index~RFe5863c6.TMP

Filesize
48B

MD5
1ad6510e6a74889fd85277abd13620a0

SHA1
cb0de2256374d3cea7eaff19be388f33851ae104

SHA256
c56edfce7be22720bdcdbe805e89053ccdcda78bd69a547cdf1f30de0e9532e4

SHA512
d6d2049115067656d7b65f10acc82929ee3c39bb6e12dfcb96ce351ffb1dfff0fcb2fa2cf8e5685c6ac7651303ce94c80118c2c22b12fa811ac2c73441384853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
2d9b356aa21dee147d86c43318bdbc0b

SHA1
c2f98057bd8fcc879c598dd824fce1a509476a22

SHA256
8d6805505f9e24220de4761c3d1ce929131bf5f3df75af820fd16464cf42b1da

SHA512
d9ae7a8a7b6466cc7f167e049af0e9fa2a9e2f1b3622a67525e3134e851a6e46599b5b4678aa3a21721c660dece3070b4282edc094d2ec74a92ffe8b690195bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
d076e26ca85c72d89709130066ea2e83

SHA1
ba133016a5f9d0fc749ec261055da8561814a0f5

SHA256
52e33fcbe99044bf9966bb97f406ad0809a85ffe9922ca9f65acb4adbe576a3d

SHA512
752cfad8e24f621ca5ce29632a7b5e47ba7e8285f2bb074bbdeae078bd1f35ceb59bd586b62b04ce730306c58d428731b6ca2db24008e48fad96b80c73411781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
00a6fb2396052f5255bd5250ae57cf3c

SHA1
1d0bc8d57c2de4d3c0ca2a99de0079379722eb18

SHA256
c9b20c90398237591ef3f93ca7c1b7e821a2972ff864a1af69f35f485003d13a

SHA512
7b439be3ae857f6061f49030616825dac1d621e90c1df6da034ed6a4e234abce802425d65e3c8fbd31a68a58446e059d89aa983bafb648deeaba60563a14f02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
30f0deee97ad078171c84e197866671f

SHA1
f65543478b6084e12c471c28859831b6adc53b5b

SHA256
6e54554d7aa7a4161b8afe208d6fd5e1ea209458db6ca4a15bbc0b839f5020de

SHA512
dfa6a49874d72087b6db213708e4dac5f7d8c1c56f00e4a3749f029bbaef8e6fdddc2817ba72423b61173ed169351b7dc8ed3a07e89c7145f2d56b1314e69a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
0066db53a126dc859c882519bf50207d

SHA1
a0158dc9da35e84759ce85fd3b34eb0f88ffe00b

SHA256
0fb2f941b98b831e7c0ad88b06349b4a67a13f57ccdb80e47d234a387f0a7b10

SHA512
fd69148762ffea804034ffac1dbfa4ce290399b0177e655c9a8e613ff186d652fdaa7be56c4fc59ef0d74cae5dd5b72d7168a1b8b4dce3677b4c66615aa096ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
f974ef6d5ad6f4a9dd7a34374be4f15e

SHA1
9d6a3a0d53128479354e2b6c75ee0679f09af085

SHA256
aa07ae75f200fcd9f0e27727215a489cfbe91efef64104cb9dc1b02c3dd20804

SHA512
772cf3796314d0a738e8727ca797aa7c58f390e49f9aabe96946ebedda4e860ab09012b2a2e945b775ad7d074f656a6e405cf281e970c564d08c600b1fa6064e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57ca16.TMP

Filesize
89B

MD5
a5b1da35e37f917a68a11e966b1bdce6

SHA1
a2fc167177c8c3f1a077d011065f3a44d0d04095

SHA256
3c47aa3967b4631ae2e38e46605744069f7a1199c2bc6f9d9fb15cc179f51b76

SHA512
a18b03b1cefda904d28cdff7b98df731bf14b8c3e71258cd2fe350557b8aa18e52677b10c3ed9f45d2a8c351a95c223628bc40b229d99953a63602b223d38b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
26a0301c3b0ceab2533505033c04722e

SHA1
8e1094b7f747cce2195a804689786cbf03452116

SHA256
69e70151bd0b6d687f80d64c6c54336a276030ea7e282a629a13ae0fd126edb5

SHA512
d52312d4334dbebc538dc79a706d1f474647df589e2d92949ba0359dde2d4858703572e8b0f2857662e3b93b2e409f90dee86143b886699de4017decd1e882c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58583d.TMP

Filesize
48B

MD5
a5d8488f0f03e0a739447bea9a9899bf

SHA1
1a9b424c26884e54cae7885e23276874c3690b60

SHA256
5cbfa42b3ab56957e30151f38d9ede49d35f3e75f22fc9a0d3b2bcd7289abe36

SHA512
00926226f3487d5c207bbb149675127216f3e4a44057f19fb7514d743cdfc6021a00b99760abe12f586cf078ed7289ec15de745967181ba677f74c724b70fbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
7052611a4be2d0f7d14f0ba28d5b3bcb

SHA1
14fb7b49433ee8a1649d47b66bab7ec96d9d5b67

SHA256
43f1cf9c1b1783efec235961a585fbdb023b8ab9a6aac069e004f78c4a400971

SHA512
933ab0418b45b6113f1444d960d7df7e686619965b8b0c78ec6b8e46ef98fb5d74bce8f616c82b9b37e467af04e4856fe89ce9c175318c2f581cee90261e93c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
357e9e9bccccb2147569d864d1950867

SHA1
9c6c1c38cf9cb15cd845c442204ac2487c389049

SHA256
d3fcd5dc1d0588b8a3de1f3fc67a77caf2805b2e19070c288ef217189b3eabbe

SHA512
7d1e00af627d767ba6d259a335d74274f27c092f6ea3fba117f22547851ba195477f28c4e823f87246ffae7986f12fa9bbdfe59567fcd027c1ff794f102f20d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26fe9a3853698f5bbcd7d425b3649dc8

SHA1
57b40f816e00523ff6cac052116a6ae2fc42d3d1

SHA256
ee55350fed21889567ecf72849d2be0081f0b76e407dbaf677ccafec853e5483

SHA512
5c7d6e50152d1be42157ea3d1ac256355df7e561b26724184c4cbe37e9103cf384adb8296d616694d1a15daaa104a051b69a282a1a168ca41b4b136d00133ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd6f.TMP

Filesize
371B

MD5
abd8d39aecac6c55d4a1765f54c09d5b

SHA1
b74dc11018152835ae6f2a3cf33f81541ab3b250

SHA256
b695b868f3e47394d3347364c40a7f5484b3efc19f7305b3ee6b228d91f940bd

SHA512
337a27af28ac397cd0bec3e217230df46441d8a9cfe3665882df0dca121f6a26935b8838d5b34936feb94ae712a8d162bdfbf22b6bd4e4a330eaefd253163a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
98289901138cabf7b5247dddee4f7e14

SHA1
fd7542148dde754322a42434761d0033c5da64ea

SHA256
2b44fc314c556def9929928dbfa8dcf9da95f424dea9f8c021f90d97f4be168b

SHA512
629b1a9d086d9f2c17fd217a50c691ce21bd6dc3be7f2fb29ad6f14cb56d5828e08545c6676ba7170583e53ea48a16ad284c47b891679c5c4220c228f2e6af61

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 918146.crdownload

Filesize
134KB

MD5
0afcd7ca960cecf358f0ed09c8c3bfdb

SHA1
5485f19e7c2bb065530307443d44374c3706f933

SHA256
77df13cb8fdac0f93035d9df79c94ebe5f1d701ef0133a7678fab9ada60f73f2

SHA512
5242bf7212ee87f5561cef9d84c3104b825ebb01246026912cf2dab719e96dfa7ddc4d60d56903cfff47732322365ad9d47d6488e39657ce406eaa7dce155d2d

Download Submit
C:\Users\Admin\Downloads\solaris (1).exe:Zone.Identifier

Filesize
124B

MD5
0fa4fa5c8a1fa37a72a1a884c52e5f81

SHA1
bae784ee45ee85f4ee30045d2e7725df0dc26def

SHA256
01c0339dad5bbd1957ac27f46b8a150c7e838ff309c7485a545607d6e56157ed

SHA512
7e074e29444e717078dc6651ed9c1af944f9fb64d486e56a896de324a0a92a0c2282fe4132afe7276368faa20cb18c2dc2f2238afc6a4622e2f0a94b18f744f9

Download Submit