lumma | hxxps://www[.]mediafire[.]com/file/xa6r4gy8vtsqtv5/Solara[.]zip/file

Analysis

max time kernel
390s
max time network
392s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/xa6r4gy8vtsqtv5/Solara.zip/file

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://harmfullyelobardek.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

7zFM.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation 7zFM.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Executes dropped EXE 6 IoCs

Processes:

winrar-x32-701.exe7z2407-x64.exe7z.exe7zFM.exeCheat.exeIf doesnt work open it (loader2).exe

pid process

5012 winrar-x32-701.exe
7304 7z2407-x64.exe
6700 7z.exe
964 7zFM.exe
6184 Cheat.exe
7448 If doesnt work open it (loader2).exe
Loads dropped DLL 3 IoCs

Processes:

7zFM.exeCheat.exeIf doesnt work open it (loader2).exe

pid process

964 7zFM.exe
6184 Cheat.exe
7448 If doesnt work open it (loader2).exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 2 IoCs

Processes:

Cheat.exeIf doesnt work open it (loader2).exe

description pid process target process

PID 6184 set thread context of 7840 6184 Cheat.exe aspnet_regiis.exe
PID 7448 set thread context of 7272 7448 If doesnt work open it (loader2).exe aspnet_regiis.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	7zFM.exe

pid	process
5012	winrar-x32-701.exe
7304	7z2407-x64.exe
6700	7z.exe
964	7zFM.exe
6184	Cheat.exe
7448	If doesnt work open it (loader2).exe

pid	process
964	7zFM.exe
6184	Cheat.exe
7448	If doesnt work open it (loader2).exe

description	pid	process	target process
PID 6184 set thread context of 7840	6184	Cheat.exe	aspnet_regiis.exe
PID 7448 set thread context of 7272	7448	If doesnt work open it (loader2).exe	aspnet_regiis.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2407-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 22 IoCs

Processes:

7z2407-x64.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{E8F14919-B5B6-451E-9128-39F2BD8846DD}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe

NTFS ADS 2 IoCs

Processes:

msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 319132.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 603930.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe7zFM.exe

pid	process
5548	msedge.exe
5548	msedge.exe
1984	msedge.exe
1984	msedge.exe
5420	identity_helper.exe
5420	identity_helper.exe
6852	msedge.exe
6852	msedge.exe
7596	msedge.exe
7596	msedge.exe
7596	msedge.exe
7596	msedge.exe
6864	msedge.exe
6864	msedge.exe
4992	msedge.exe
4992	msedge.exe
1348	msedge.exe
1348	msedge.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe
964	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

964 7zFM.exe

pid	process
964	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7zFM.exe

description pid process

Token: SeRestorePrivilege 964 7zFM.exe
Token: 35 964 7zFM.exe
Token: SeSecurityPrivilege 964 7zFM.exe
Token: SeSecurityPrivilege 964 7zFM.exe

description	pid	process
Token: SeRestorePrivilege	964	7zFM.exe
Token: 35	964	7zFM.exe
Token: SeSecurityPrivilege	964	7zFM.exe
Token: SeSecurityPrivilege	964	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

winrar-x32-701.exe7z2407-x64.exe

pid process

5012 winrar-x32-701.exe
5012 winrar-x32-701.exe
5012 winrar-x32-701.exe
7304 7z2407-x64.exe

pid	process
5012	winrar-x32-701.exe
5012	winrar-x32-701.exe
5012	winrar-x32-701.exe
7304	7z2407-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1984 wrote to memory of 2720	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2720	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 2076	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 5548	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 5548	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe
PID 1984 wrote to memory of 1312	1984	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/xa6r4gy8vtsqtv5/Solara.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa819846f8,0x7ffa81984708,0x7ffa81984718
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
2⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6580 /prefetch:8
2⤵
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
2⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
2⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
2⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1
2⤵
PID:6264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
2⤵
PID:6272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:1
2⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
2⤵
PID:6416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:1
2⤵
PID:6680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
2⤵
PID:6780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
2⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
2⤵
PID:6928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:1
2⤵
PID:6936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:1
2⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
2⤵
PID:7132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
2⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
2⤵
PID:6448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1
2⤵
PID:7064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
2⤵
PID:7048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
2⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1
2⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
2⤵
PID:5656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1
2⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
2⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
2⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
2⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
2⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
2⤵
PID:6300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:1
2⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:1
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
2⤵
PID:316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11028 /prefetch:1
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10756 /prefetch:1
2⤵
PID:6212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:7684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:1
2⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
2⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
2⤵
PID:7732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:6988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
2⤵
PID:7836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6080 /prefetch:8
2⤵
PID:6208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10928 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:1
2⤵
PID:6648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1
2⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
2⤵
PID:5928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 /prefetch:8
2⤵
PID:6448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
2⤵
PID:6160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
2⤵
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11108 /prefetch:1
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9192 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Users\Admin\Downloads\winrar-x32-701.exe
"C:\Users\Admin\Downloads\winrar-x32-701.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
2⤵
PID:7552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
2⤵
PID:6176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
2⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
2⤵
PID:6952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10020 /prefetch:1
2⤵
PID:6984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:1
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
2⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7076 /prefetch:8
2⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8200 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1348

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8112

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
PID:6700

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:964

C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:6184

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
3⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\7zO4C35E43D\If doesnt work open it (loader2).exe
"C:\Users\Admin\AppData\Local\Temp\7zO4C35E43D\If doesnt work open it (loader2).exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:7448

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
3⤵
PID:7272

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4b10766b-707d-4071-bfeb-646f05099f7b.tmp
Filesize
11KB

MD5
3b9c173a56441126279907ab6163af7b

SHA1
58d3e02e3088778d15a52f065b9141447a118be2

SHA256
f5335b02b2733b2a86f0d820c8046d64014819bde513c363e784a54480318cb0

SHA512
502642d54c5590ef22b968224d2a2a52076d40cd068a73a9eb3a3a4da965db63d0d1a7f1d0d1004ed941229975352c8105e932e05336d1becb1924c43bfbaf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
70KB

MD5
361ec065ca526c3109c3c878db065d2b

SHA1
57ed63c6088bf80e58ae487b32984646d89969e3

SHA256
39b6f03e15fbbe59c144ceb7ba775199e23347e93e6a1e020fc7e551c44d42bb

SHA512
82774e5035f08d5791b963d98ac8e4bff63ce6eaa7ac2b062709e7a921407c492042bb78c5f439686cfe60774f56463d3eaa9761671ae74c75af7ae0a2634842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
18KB

MD5
4833e31eab7953941b47560f75cb301a

SHA1
e6a5c7375606e2b7e777203a778e9730c177c7c3

SHA256
14b6e98af5e25c465a253bc9571700135bb587d3d2256e8ef53a07145138aea0

SHA512
5df199a8c323173bd4001ca0876d29377b9badf5996956bae51a7319f56e68dffbe38eca6257abb008080c3d8ec1d4fd46eb8b5e0ca7abb599ed3a68fc852608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
91KB

MD5
1b3668e9a115df87657a97f9e5d803bd

SHA1
717a7320d5cd2f8b6b3b00f1c7cd6083463f4a80

SHA256
a21589ca4d56b87c16ce042956e9e8f3f1aeb8eb86a6b0f79fe2e4cc02d16f77

SHA512
835137f0946896c8f954c34612093736839e0eac94826430a69ef6e09b90f36a72be0b978a8c2bf35fcc47ef268c9da8a6e0f5a9aa23511ed232e4090c886ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
107KB

MD5
02a9f1890a54476f8c95fd735bc291fe

SHA1
a0d7e89ad639796c2730e587eb93330ea8a080fd

SHA256
87b9c943c564314e36487f559baebbdf03449134635522480ba1caf3019b532c

SHA512
732917bd3fc0150f83ae454bd0115c9baa615b4e417c260b1c061bf78537c52da2a8126c6a9bf0113b96f02f8703d051c357398f6639afd42d851440fc601acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
71KB

MD5
8332594c5e79aaab129eb9a04d2c75c4

SHA1
47a492bf14111829f40110d2a11035608f75d74b

SHA256
92da1e957cb3af9dca54a3b47fa8a0dcd183aa15a89a8710386ed212e3bd32db

SHA512
b9d3b3f706f21c3e321b13e378069aaab1efb696357d9703c37fcad8e86d53607216dbbbda124b23e9363a4adb3b8c8b6c63a2e26a669fc9b740ceda26467da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
1.2MB

MD5
620dd00003f691e6bda9ff44e1fc313f

SHA1
aaf106bb2767308c1056dee17ab2e92b9374fb00

SHA256
eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586

SHA512
3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
bec13a66ae707b5a40ad3295a0b546c3

SHA1
78bc950bc8e470013f778a6748a04776632a0c90

SHA256
d69beb415185fac0d512d6d5700a0a236684931980f1b39e81b625f8b47b572a

SHA512
d545c401a92cf953833c39bdc87e54b7c318160a8b71ec9006c9c90eeb908da0711b48f0e5d2cd837384bf4480733aaed1f93b528727fa4299cc283a6b5a74ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
f25c54d127ca69842d9200139e4da368

SHA1
981a211ad749bf01b41996044df6b205932aae64

SHA256
b102ee38fee5008731b5e20804bd01fdad5fb4b0593d59b142a27c402f1bed71

SHA512
8b2acf3ac47c1ee433c7558b2864e39c3defbb7e0b306644208ff2bd84b1f2cd895873d68e572475dbde0820229d489f5bae50b27e621d7da40c7bfca32ad54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
7a96977a7efec41e4549a79ef44dc4b1

SHA1
da1a3937631c3437786fab30f6eb9484ce438904

SHA256
2a8089b8314dcf66838f7391f01ecd7600189c2989d88acd001cb44864c7ddd1

SHA512
cceb77d0cedf4890756f63f8bfb7d5aab419303d73d24cbaffd930a0c9a84915903d024e20076474c607af819309622ef714291cc87b38474d68a18939437c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
13277eb43d36df3f091cd08ddb56cd14

SHA1
d56612bb8b5ddf3998c1da58837c987413e9d6b9

SHA256
a086977378230af8b49a808a881841036707d7873a249e4c3a137adf85def432

SHA512
3c217fcf1101c2b31555eeb4bf4569f957623b4a10030cd991718a7f220c291b2e895ff1bedcb118f1945c90533daab3d59869c8c1dd85f5a2d365b59c8fbe6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
13KB

MD5
3297be2cd7bde78f1b4c122cec567278

SHA1
437e8bdd04c0c1b89553397f3d9fee0a04ce94ba

SHA256
fa8b289de33816cb2a30859cbb3b9dd77de14f9819393fea00197dc3246e7707

SHA512
acdfb5dbf9c15a24da072f4a635b595d3cbd0d5fe291356421763bacfaa7aa0a292fd9581734407e125750e5f6904dc9fbe14aad87bf1c5209ac3c83e63af246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
13KB

MD5
863407fc102db1fc7a04893a2c70c1da

SHA1
c6c366077b61488c95c8d74f87ae46e99aaa3a1d

SHA256
736ba54150280c36a59faff0b01b9374a5062ad57fe7ec2b5229753bc63a0eca

SHA512
42cc2df263fd26391ed250b2d71269d7d1fa321ae636ec40ac7b5a76f9484527a4b5aaed0f3952e3b23a6902153743ae8fb0825acc74a7afe5ec3b21ea55a769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
edcc653c3d264ebe446980d166c448ad

SHA1
fe37936d8820bde52f4894c40e2b218c46e89775

SHA256
b98337ba1203beefaa2c286b34a58733c43fb7aa344a028223fefa72c199f4f3

SHA512
a26dfb671caf4a2cd2bde0ae1496c7943b8732ae99d32c864b855ea5c68836ec0adaa5976e626d31ddcc6c1d3fcd3789f31bdc76284c1fea14ed6a8b68c618d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
725128a7139f82532f5cbe7ccd335a17

SHA1
13ab2df06497be870a2d6bc0bb22f704943322ee

SHA256
6451350bed6dc46944bcf2ecfc52f4b2ef4d191ae807564c970d4353da8ad84b

SHA512
be5c19858ad20a3cad9bbe10463c78c619f1b3870631d8a07948186a048b52969285f9a9e34221089a140a07c307f50ac88b548dd42407f6b34bb124f55838de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
2da8be2744a5f1d8873eeee195f91b32

SHA1
3f31fedfcfce259d1976077748bf47a109f08333

SHA256
b79d917607f5936fca8a1f0c30d3e53d185391f9672d5386ddd11f0c346a13fa

SHA512
f2e72b60a8672ed2af5077edf2600167a60e88e78c48bf1337c103401079a38684b691d2cd0c20f5930f42b01924ad7b6d6ab0096c169b81d950f21bdbf58834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9404115e0548cb3db1e369ed29c1ae27

SHA1
f72965ff698b257603947cb9382d980ba6dfc1bd

SHA256
bc02ce0e789a2e9c087ba8f1ab5743c448ac50b92ef1b774c4dc496188eddf59

SHA512
6e1855401c99afd822b63594bbb13e5e2ede94c7f452905d076df8005b2f731f6ec84155cd8b27f49e6e82482a02dacc18d7a0716bfd61cbf4d6998a2b713d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
bbe8fc63fac29b259435329054bc56b8

SHA1
4efb98c2238228e83f8e16e94f93d58e7f7dc94e

SHA256
0c8ce0b765f9611185b7b967f6f8e4db085172622de279c4f9a72666c53e68e3

SHA512
14c6b5e9c7fe389fe07687bd5cae9de9144a385ccbbc1b299dcd0d156f97232229ed043bdadc52d9e9ede69a15a6bb8e9d6c63095d4797d75c1e16eef2b7fda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
17KB

MD5
4ae36ff802d44f60b6dfbdb5a477c0e9

SHA1
433ed65d2d190995487bc30d962b6e5ac0f0a4b6

SHA256
b8ce56672aae8d7e02da6f6005d44151e51dcb89be7b02584ce895aaddf373dc

SHA512
c0f7a7d17f3189e12c60a89e9443f56296573fa90316f1bb17c5ea74ca4310ed1f05c3d9af170a25456df2f25e609270bcd3ff2b98011a09a88adc25ea048b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
acbf4e7d0c65aa1133360e75b695ef0e

SHA1
926920463b63599a465f34469be482ebb551e83e

SHA256
fc6a101c39ad81ba343eb904a2ea6288f52e792c286045877fca32d6d8f88620

SHA512
24a30281c9456db777842a773347702da718b1e7ba6bb2d031c0f8a2bba4fe4a0f78e202de5639d15bf1e3f65cc2e2c65680b3ca204bbc9eefd957ba662691ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
3c67b88b05a4f80624c561fde0d512dd

SHA1
f2f3ea4e8b44e5b82e101a6028a2eafa9edc8c72

SHA256
9e89b56db98805959e5c92c3cb7b7c74ffca3b0fb5d9f899f45eef67efb56980

SHA512
c05c049bba2ac4584ca1161413b252be9e2d800fe9a0edfd38e0d4bbca78a711bca3c5ee91e064ac28d3453954e96e86ccd1e875c2d1b7758be4b85e59f45c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
0d0b409fcfc9442c6d1ac4a956dbb512

SHA1
515b71d1bf64e904a20329c343d0b8b181dfabe5

SHA256
275b6562f0339d9fa8c54d349c2baa36e5198473e624c9d2ecdbc49174df0b4d

SHA512
a99a8a9f578a783ca6da8b263d9a3904c5c327d36fb201bb513ed712ac9f8cecdb4e434cc8b7ffeb2c39ea833b989c96fa299851cec8b8eeefb3abd442538472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
92664d340150006a6367c7e4ab9965b5

SHA1
d3619b171e6312f060f57d3cfa28acc605ebae3d

SHA256
cfa82b353589c5b75cad18037fe9be274e698e933cdaf618028cb47e0f830531

SHA512
797a22092cc1b70b872a63f3da8c19fde2ab8eae5b2a17a72d1d802ccd08add90fdd0b019aaf9f2d2b7dcb80cdc4209968e40a13f348a4b53b5baba2992997be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
8f7aba9703ae7048eb0d1c353a1f112f

SHA1
8e51873a72bcf93059c943fe531aadd9e60eb056

SHA256
b8c0454ae48caa4d20e6378717f50aa26905e48640e3a5e278582e77e05431db

SHA512
95441d8cbd10f2a3bf81f246fb225e8a026bf71419e0df7c431daf298221394fe7a2b2923d9223f932a862bacc81a5c0798df09851648bf98e8e2b2d979eeebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579431.TMP
Filesize
2KB

MD5
99c438d5087a9d312b0fe3be4494a540

SHA1
08e6e25e406aa2e74fcecdddbea4d07206cb3f7d

SHA256
78c2a48ad747c99913b523b2c89a88f505a9fa336c1e6d260ff489357742ca46

SHA512
687feb9e40310d3396e2b599d6ff5c5203046fb3f2676d7c72806f2eae9a64963d88dbc4a9be5c90f2a8ade9a06363ff3fbbc3b44788525fc9fe0bc772759ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cb2ccbe1-56fc-4433-abad-4054693f548a.tmp
Filesize
16KB

MD5
20b64f8b7936fce38370ac4045795d25

SHA1
c5b4e9ee14e525b0f6f7f0e709ff37766ec7bfd3

SHA256
67c089ca030dd47e4d904301d74e6407a75b52ed92c9c9ec3ef0c4486f026db6

SHA512
27f069243ad63f2fc27aba26568f509b22c99bd4e35fd2bf56d53732c8dec8921dc43a99b04413a3cc5fc03307ebb97dbf27f92605ca1836a759634a56b7aea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5ff96657203fdc65379eef01c967f9b6

SHA1
84e29ec4c12378f5e095b7a4b499545d0bfb2798

SHA256
a14535a545c96f453658b998a72ce58d4cbbc6d1ae81d6873863ef29eaeb84ee

SHA512
5248768d74b6cfee06dcdd4bc0e488ea846ae4e4f4ecc3415288fd028289d8fa6aad1b590533ac2c39725e466a025471e43af301f7fd191a2087f548e062ce15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
38a8f121fac9ce48ae25dad361ecb5a7

SHA1
dd99b2d38bb237ecb518985d7df12661b73ccc39

SHA256
47f21ee338ae391a2af7eef948266ccfae6c521be11a6549e794f9d427b41464

SHA512
c83b422f06741b0f31e26f08db661aebeb3bc4b628d552c16afee098fef3767bce2ddb5cd5e9111bad5035a9f33d61db596311ea17132a03a5a513f9a207b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
eb70f4ac03c5b811d69de8279e316151

SHA1
2e2fa364ef1b44a334f658a26a8d884ad54b2ae8

SHA256
bc52f20b7d0d2db89601b1d91ddc22372a3f5d3d89df40e942f9d8713fa841c9

SHA512
1facced00d9b95be3ecbe83830302d6150c4853ebf0cf07e66b0dc2b986b559955c1219360f72cd0548a9619e783da36e418cab5089eacbe7f652458343e7316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0ee5449f25c7094e3310dec25477375d

SHA1
a6a34d3d30897f39fbe237685f3e0ca61337c367

SHA256
0f6476608cf07f4026af39afde5fdcb0af9dd7a87f42aeecb423a099f040b7bc

SHA512
aee4df642a34841e57cbf07fff1dccb9e46a74c429bcba131631d87820db552064b2f07c82ae650dac9d1e986da3a0d8bae523ae41b5a16523ef607d63f9b408

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c82d1dfbb7ff2d71fc3ddf8e67426ac0

SHA1
f2306a5892faa88c0980a36b15ba5983d61556c3

SHA256
c90c4fd2365ecb177c1defc7ad700037028de3c7a0cacd9d85936c5bc20421c2

SHA512
41b819188c1e21673edfc6b83c980c897396b1cedaf9246c144366dd9ac40cc3ae73afdbc47d03c1bcce882668f64bac91b1e319ea89c13844904d71880816f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exe
Filesize
413KB

MD5
70f255604c98fc3d15c0430315321691

SHA1
783670eb4cc0dfd7e071668781863ecae4c3400a

SHA256
d8ba293e3680f84b3b938b7861eaf4b79050f35f04cf323b9d6a5e72287451a6

SHA512
c2dc8a23d51bf8de637440d1ec9cb4f103c05bfd733d6f21996b928df18eb5c1bb3ad939ceca7b9a611bb9169ccb4c8d58a933d21e9ec15a55cd96064aa4429d

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll
Filesize
441KB

MD5
0ced892dc6737e283b6ed7822a38cbe0

SHA1
0917bd1f076284bbca1636d376db16336932fe67

SHA256
4a9625fc273f123e07b5648306082d8a1156c3ecfb935e16d834ace2ee4b93a2

SHA512
4835af6206d82a49f8b96133c6af41bfca66788ba1a90b22e252f733fa2bd82622012d5749b36cada5797e9ae07dc00a097300e0bfcc1d45668214240900c537

Download Submit
C:\Users\Admin\Downloads\Solara.zip
Filesize
13.4MB

MD5
3583890b21e03be6f626b0bcaf1b802c

SHA1
45f21c5b402f125ff955839bf25b1e17213078c6

SHA256
333d63bc9676159ff8a9d18692a18c748ff74631a9e82f85a0536626fbe57c1e

SHA512
07e90b33f3dcace4e5baa7b0dd06df638630dd657ae7a719be9d86265be5c08feaca13f69e95654920acb9d33d160bdd30075e6e77075e9814810ac9304286f0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 603930.crdownload
Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\winrar-x32-701.exe
Filesize
3.4MB

MD5
547e29c3d612a26d41545a31e6bac6c5

SHA1
939b73086c7c622e86fbbc1050d8cd407cc0beff

SHA256
503d7256ab2198b774c91da1e100960b40d333bcbd1df0bcaea68cfed3f2599e

SHA512
b04f136e6075c661230b9a01ab3ec94c1b5273f2e824947721c8cfc51468c51ed63513875776d59e665a50218e370d767e392ac3d10db0e385663c16ca361d7b

Download Submit
\??\pipe\LOCAL\crashpad_1984_JEUTNYDJFKJCQZSG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6184-1441-0x0000000000F20000-0x0000000000F92000-memory.dmp

Filesize
456KB

Download
memory/6184-1442-0x0000000005780000-0x0000000005786000-memory.dmp

Filesize
24KB

Download
memory/7272-1471-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/7840-1451-0x0000000000500000-0x000000000055A000-memory.dmp

Filesize
360KB

Download
memory/7840-1453-0x0000000000500000-0x000000000055A000-memory.dmp

Filesize
360KB

Download
memory/7840-1448-0x0000000000500000-0x000000000055A000-memory.dmp

Filesize
360KB

Download