Analysis
-
max time kernel
390s -
max time network
392s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
28-06-2024 21:07
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/xa6r4gy8vtsqtv5/Solara.zip/file
Resource
win10v2004-20240508-en
General
-
Target
https://www.mediafire.com/file/xa6r4gy8vtsqtv5/Solara.zip/file
Malware Config
Extracted
lumma
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://harmfullyelobardek.shop/api
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
7zFM.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation 7zFM.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 6 IoCs
Processes:
winrar-x32-701.exe7z2407-x64.exe7z.exe7zFM.exeCheat.exeIf doesnt work open it (loader2).exepid process 5012 winrar-x32-701.exe 7304 7z2407-x64.exe 6700 7z.exe 964 7zFM.exe 6184 Cheat.exe 7448 If doesnt work open it (loader2).exe -
Loads dropped DLL 3 IoCs
Processes:
7zFM.exeCheat.exeIf doesnt work open it (loader2).exepid process 964 7zFM.exe 6184 Cheat.exe 7448 If doesnt work open it (loader2).exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 2 IoCs
Processes:
Cheat.exeIf doesnt work open it (loader2).exedescription pid process target process PID 6184 set thread context of 7840 6184 Cheat.exe aspnet_regiis.exe PID 7448 set thread context of 7272 7448 If doesnt work open it (loader2).exe aspnet_regiis.exe -
Drops file in Program Files directory 64 IoCs
Processes:
7z2407-x64.exedescription ioc process File opened for modification C:\Program Files\7-Zip\7-zip.chm 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fi.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ta.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\7zFM.exe 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\es.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mng.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\th.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\hy.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ky.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\sw.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\cs.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ga.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\gu.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\nb.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\lv.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\pt.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\tg.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\7-zip32.dll 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\uz.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ba.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\da.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ka.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ku-ckb.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\vi.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\be.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\br.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\uk.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\et.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\descript.ion 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\co.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\id.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\readme.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\7z.exe 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ext.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\kab.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\va.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\en.ttt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fr.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\7zCon.sfx 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\License.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\io.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\it.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\lt.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\tt.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\eo.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ku.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\he.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ps.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\tk.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\af.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\bg.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mr.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ug.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\fa.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\ne.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\sk.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\hr.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt 7z2407-x64.exe File opened for modification C:\Program Files\7-Zip\Lang\sr-spc.txt 7z2407-x64.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 22 IoCs
Processes:
7z2407-x64.exemsedge.exemsedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" 7z2407-x64.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{E8F14919-B5B6-451E-9128-39F2BD8846DD} msedge.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" 7z2407-x64.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip 7z2407-x64.exe Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings msedge.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" 7z2407-x64.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" 7z2407-x64.exe -
NTFS ADS 2 IoCs
Processes:
msedge.exedescription ioc process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 319132.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 603930.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 30 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe7zFM.exepid process 5548 msedge.exe 5548 msedge.exe 1984 msedge.exe 1984 msedge.exe 5420 identity_helper.exe 5420 identity_helper.exe 6852 msedge.exe 6852 msedge.exe 7596 msedge.exe 7596 msedge.exe 7596 msedge.exe 7596 msedge.exe 6864 msedge.exe 6864 msedge.exe 4992 msedge.exe 4992 msedge.exe 1348 msedge.exe 1348 msedge.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe 964 7zFM.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
7zFM.exepid process 964 7zFM.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Processes:
msedge.exepid process 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
7zFM.exedescription pid process Token: SeRestorePrivilege 964 7zFM.exe Token: 35 964 7zFM.exe Token: SeSecurityPrivilege 964 7zFM.exe Token: SeSecurityPrivilege 964 7zFM.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exepid process 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe -
Suspicious use of SendNotifyMessage 26 IoCs
Processes:
msedge.exepid process 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe 1984 msedge.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
winrar-x32-701.exe7z2407-x64.exepid process 5012 winrar-x32-701.exe 5012 winrar-x32-701.exe 5012 winrar-x32-701.exe 7304 7z2407-x64.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1984 wrote to memory of 2720 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2720 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 2076 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 5548 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 5548 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe PID 1984 wrote to memory of 1312 1984 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/xa6r4gy8vtsqtv5/Solara.zip/file1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa819846f8,0x7ffa81984708,0x7ffa819847182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6580 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9756 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1316 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1408 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10156 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10756 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10792 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6080 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10928 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10664 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5984 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11108 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\winrar-x32-701.exe"C:\Users\Admin\Downloads\winrar-x32-701.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7076 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,4575519756793504339,7401572108187013577,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8200 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\7z2407-x64.exe"C:\Users\Admin\Downloads\7z2407-x64.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7z.exe"C:\Program Files\7-Zip\7z.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exe"C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\7zO4C35E43D\If doesnt work open it (loader2).exe"C:\Users\Admin\AppData\Local\Temp\7zO4C35E43D\If doesnt work open it (loader2).exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4b10766b-707d-4071-bfeb-646f05099f7b.tmpFilesize
11KB
MD53b9c173a56441126279907ab6163af7b
SHA158d3e02e3088778d15a52f065b9141447a118be2
SHA256f5335b02b2733b2a86f0d820c8046d64014819bde513c363e784a54480318cb0
SHA512502642d54c5590ef22b968224d2a2a52076d40cd068a73a9eb3a3a4da965db63d0d1a7f1d0d1004ed941229975352c8105e932e05336d1becb1924c43bfbaf65
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001Filesize
70KB
MD5361ec065ca526c3109c3c878db065d2b
SHA157ed63c6088bf80e58ae487b32984646d89969e3
SHA25639b6f03e15fbbe59c144ceb7ba775199e23347e93e6a1e020fc7e551c44d42bb
SHA51282774e5035f08d5791b963d98ac8e4bff63ce6eaa7ac2b062709e7a921407c492042bb78c5f439686cfe60774f56463d3eaa9761671ae74c75af7ae0a2634842
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002Filesize
18KB
MD54833e31eab7953941b47560f75cb301a
SHA1e6a5c7375606e2b7e777203a778e9730c177c7c3
SHA25614b6e98af5e25c465a253bc9571700135bb587d3d2256e8ef53a07145138aea0
SHA5125df199a8c323173bd4001ca0876d29377b9badf5996956bae51a7319f56e68dffbe38eca6257abb008080c3d8ec1d4fd46eb8b5e0ca7abb599ed3a68fc852608
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003Filesize
91KB
MD51b3668e9a115df87657a97f9e5d803bd
SHA1717a7320d5cd2f8b6b3b00f1c7cd6083463f4a80
SHA256a21589ca4d56b87c16ce042956e9e8f3f1aeb8eb86a6b0f79fe2e4cc02d16f77
SHA512835137f0946896c8f954c34612093736839e0eac94826430a69ef6e09b90f36a72be0b978a8c2bf35fcc47ef268c9da8a6e0f5a9aa23511ed232e4090c886ff0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005Filesize
21KB
MD5660c3b546f2a131de50b69b91f26c636
SHA170f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA5126be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006Filesize
107KB
MD502a9f1890a54476f8c95fd735bc291fe
SHA1a0d7e89ad639796c2730e587eb93330ea8a080fd
SHA25687b9c943c564314e36487f559baebbdf03449134635522480ba1caf3019b532c
SHA512732917bd3fc0150f83ae454bd0115c9baa615b4e417c260b1c061bf78537c52da2a8126c6a9bf0113b96f02f8703d051c357398f6639afd42d851440fc601acb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000cFilesize
71KB
MD58332594c5e79aaab129eb9a04d2c75c4
SHA147a492bf14111829f40110d2a11035608f75d74b
SHA25692da1e957cb3af9dca54a3b47fa8a0dcd183aa15a89a8710386ed212e3bd32db
SHA512b9d3b3f706f21c3e321b13e378069aaab1efb696357d9703c37fcad8e86d53607216dbbbda124b23e9363a4adb3b8c8b6c63a2e26a669fc9b740ceda26467da1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021Filesize
67KB
MD59e3f75f0eac6a6d237054f7b98301754
SHA180a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA25633a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA5125cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022Filesize
41KB
MD5b15016a51bd29539b8dcbb0ce3c70a1b
SHA14eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA5121c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028Filesize
1.2MB
MD5620dd00003f691e6bda9ff44e1fc313f
SHA1aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA5123e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5bec13a66ae707b5a40ad3295a0b546c3
SHA178bc950bc8e470013f778a6748a04776632a0c90
SHA256d69beb415185fac0d512d6d5700a0a236684931980f1b39e81b625f8b47b572a
SHA512d545c401a92cf953833c39bdc87e54b7c318160a8b71ec9006c9c90eeb908da0711b48f0e5d2cd837384bf4480733aaed1f93b528727fa4299cc283a6b5a74ea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5f25c54d127ca69842d9200139e4da368
SHA1981a211ad749bf01b41996044df6b205932aae64
SHA256b102ee38fee5008731b5e20804bd01fdad5fb4b0593d59b142a27c402f1bed71
SHA5128b2acf3ac47c1ee433c7558b2864e39c3defbb7e0b306644208ff2bd84b1f2cd895873d68e572475dbde0820229d489f5bae50b27e621d7da40c7bfca32ad54c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD57a96977a7efec41e4549a79ef44dc4b1
SHA1da1a3937631c3437786fab30f6eb9484ce438904
SHA2562a8089b8314dcf66838f7391f01ecd7600189c2989d88acd001cb44864c7ddd1
SHA512cceb77d0cedf4890756f63f8bfb7d5aab419303d73d24cbaffd930a0c9a84915903d024e20076474c607af819309622ef714291cc87b38474d68a18939437c3f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
11KB
MD513277eb43d36df3f091cd08ddb56cd14
SHA1d56612bb8b5ddf3998c1da58837c987413e9d6b9
SHA256a086977378230af8b49a808a881841036707d7873a249e4c3a137adf85def432
SHA5123c217fcf1101c2b31555eeb4bf4569f957623b4a10030cd991718a7f220c291b2e895ff1bedcb118f1945c90533daab3d59869c8c1dd85f5a2d365b59c8fbe6f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
13KB
MD53297be2cd7bde78f1b4c122cec567278
SHA1437e8bdd04c0c1b89553397f3d9fee0a04ce94ba
SHA256fa8b289de33816cb2a30859cbb3b9dd77de14f9819393fea00197dc3246e7707
SHA512acdfb5dbf9c15a24da072f4a635b595d3cbd0d5fe291356421763bacfaa7aa0a292fd9581734407e125750e5f6904dc9fbe14aad87bf1c5209ac3c83e63af246
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
13KB
MD5863407fc102db1fc7a04893a2c70c1da
SHA1c6c366077b61488c95c8d74f87ae46e99aaa3a1d
SHA256736ba54150280c36a59faff0b01b9374a5062ad57fe7ec2b5229753bc63a0eca
SHA51242cc2df263fd26391ed250b2d71269d7d1fa321ae636ec40ac7b5a76f9484527a4b5aaed0f3952e3b23a6902153743ae8fb0825acc74a7afe5ec3b21ea55a769
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
15KB
MD5edcc653c3d264ebe446980d166c448ad
SHA1fe37936d8820bde52f4894c40e2b218c46e89775
SHA256b98337ba1203beefaa2c286b34a58733c43fb7aa344a028223fefa72c199f4f3
SHA512a26dfb671caf4a2cd2bde0ae1496c7943b8732ae99d32c864b855ea5c68836ec0adaa5976e626d31ddcc6c1d3fcd3789f31bdc76284c1fea14ed6a8b68c618d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
16KB
MD5725128a7139f82532f5cbe7ccd335a17
SHA113ab2df06497be870a2d6bc0bb22f704943322ee
SHA2566451350bed6dc46944bcf2ecfc52f4b2ef4d191ae807564c970d4353da8ad84b
SHA512be5c19858ad20a3cad9bbe10463c78c619f1b3870631d8a07948186a048b52969285f9a9e34221089a140a07c307f50ac88b548dd42407f6b34bb124f55838de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
17KB
MD52da8be2744a5f1d8873eeee195f91b32
SHA13f31fedfcfce259d1976077748bf47a109f08333
SHA256b79d917607f5936fca8a1f0c30d3e53d185391f9672d5386ddd11f0c346a13fa
SHA512f2e72b60a8672ed2af5077edf2600167a60e88e78c48bf1337c103401079a38684b691d2cd0c20f5930f42b01924ad7b6d6ab0096c169b81d950f21bdbf58834
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD59404115e0548cb3db1e369ed29c1ae27
SHA1f72965ff698b257603947cb9382d980ba6dfc1bd
SHA256bc02ce0e789a2e9c087ba8f1ab5743c448ac50b92ef1b774c4dc496188eddf59
SHA5126e1855401c99afd822b63594bbb13e5e2ede94c7f452905d076df8005b2f731f6ec84155cd8b27f49e6e82482a02dacc18d7a0716bfd61cbf4d6998a2b713d4b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5bbe8fc63fac29b259435329054bc56b8
SHA14efb98c2238228e83f8e16e94f93d58e7f7dc94e
SHA2560c8ce0b765f9611185b7b967f6f8e4db085172622de279c4f9a72666c53e68e3
SHA51214c6b5e9c7fe389fe07687bd5cae9de9144a385ccbbc1b299dcd0d156f97232229ed043bdadc52d9e9ede69a15a6bb8e9d6c63095d4797d75c1e16eef2b7fda8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
17KB
MD54ae36ff802d44f60b6dfbdb5a477c0e9
SHA1433ed65d2d190995487bc30d962b6e5ac0f0a4b6
SHA256b8ce56672aae8d7e02da6f6005d44151e51dcb89be7b02584ce895aaddf373dc
SHA512c0f7a7d17f3189e12c60a89e9443f56296573fa90316f1bb17c5ea74ca4310ed1f05c3d9af170a25456df2f25e609270bcd3ff2b98011a09a88adc25ea048b64
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD5acbf4e7d0c65aa1133360e75b695ef0e
SHA1926920463b63599a465f34469be482ebb551e83e
SHA256fc6a101c39ad81ba343eb904a2ea6288f52e792c286045877fca32d6d8f88620
SHA51224a30281c9456db777842a773347702da718b1e7ba6bb2d031c0f8a2bba4fe4a0f78e202de5639d15bf1e3f65cc2e2c65680b3ca204bbc9eefd957ba662691ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD53c67b88b05a4f80624c561fde0d512dd
SHA1f2f3ea4e8b44e5b82e101a6028a2eafa9edc8c72
SHA2569e89b56db98805959e5c92c3cb7b7c74ffca3b0fb5d9f899f45eef67efb56980
SHA512c05c049bba2ac4584ca1161413b252be9e2d800fe9a0edfd38e0d4bbca78a711bca3c5ee91e064ac28d3453954e96e86ccd1e875c2d1b7758be4b85e59f45c3c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD50d0b409fcfc9442c6d1ac4a956dbb512
SHA1515b71d1bf64e904a20329c343d0b8b181dfabe5
SHA256275b6562f0339d9fa8c54d349c2baa36e5198473e624c9d2ecdbc49174df0b4d
SHA512a99a8a9f578a783ca6da8b263d9a3904c5c327d36fb201bb513ed712ac9f8cecdb4e434cc8b7ffeb2c39ea833b989c96fa299851cec8b8eeefb3abd442538472
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD592664d340150006a6367c7e4ab9965b5
SHA1d3619b171e6312f060f57d3cfa28acc605ebae3d
SHA256cfa82b353589c5b75cad18037fe9be274e698e933cdaf618028cb47e0f830531
SHA512797a22092cc1b70b872a63f3da8c19fde2ab8eae5b2a17a72d1d802ccd08add90fdd0b019aaf9f2d2b7dcb80cdc4209968e40a13f348a4b53b5baba2992997be
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
5KB
MD58f7aba9703ae7048eb0d1c353a1f112f
SHA18e51873a72bcf93059c943fe531aadd9e60eb056
SHA256b8c0454ae48caa4d20e6378717f50aa26905e48640e3a5e278582e77e05431db
SHA51295441d8cbd10f2a3bf81f246fb225e8a026bf71419e0df7c431daf298221394fe7a2b2923d9223f932a862bacc81a5c0798df09851648bf98e8e2b2d979eeebe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579431.TMPFilesize
2KB
MD599c438d5087a9d312b0fe3be4494a540
SHA108e6e25e406aa2e74fcecdddbea4d07206cb3f7d
SHA25678c2a48ad747c99913b523b2c89a88f505a9fa336c1e6d260ff489357742ca46
SHA512687feb9e40310d3396e2b599d6ff5c5203046fb3f2676d7c72806f2eae9a64963d88dbc4a9be5c90f2a8ade9a06363ff3fbbc3b44788525fc9fe0bc772759ba8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cb2ccbe1-56fc-4433-abad-4054693f548a.tmpFilesize
16KB
MD520b64f8b7936fce38370ac4045795d25
SHA1c5b4e9ee14e525b0f6f7f0e709ff37766ec7bfd3
SHA25667c089ca030dd47e4d904301d74e6407a75b52ed92c9c9ec3ef0c4486f026db6
SHA51227f069243ad63f2fc27aba26568f509b22c99bd4e35fd2bf56d53732c8dec8921dc43a99b04413a3cc5fc03307ebb97dbf27f92605ca1836a759634a56b7aea4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD55ff96657203fdc65379eef01c967f9b6
SHA184e29ec4c12378f5e095b7a4b499545d0bfb2798
SHA256a14535a545c96f453658b998a72ce58d4cbbc6d1ae81d6873863ef29eaeb84ee
SHA5125248768d74b6cfee06dcdd4bc0e488ea846ae4e4f4ecc3415288fd028289d8fa6aad1b590533ac2c39725e466a025471e43af301f7fd191a2087f548e062ce15
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD538a8f121fac9ce48ae25dad361ecb5a7
SHA1dd99b2d38bb237ecb518985d7df12661b73ccc39
SHA25647f21ee338ae391a2af7eef948266ccfae6c521be11a6549e794f9d427b41464
SHA512c83b422f06741b0f31e26f08db661aebeb3bc4b628d552c16afee098fef3767bce2ddb5cd5e9111bad5035a9f33d61db596311ea17132a03a5a513f9a207b5c9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5eb70f4ac03c5b811d69de8279e316151
SHA12e2fa364ef1b44a334f658a26a8d884ad54b2ae8
SHA256bc52f20b7d0d2db89601b1d91ddc22372a3f5d3d89df40e942f9d8713fa841c9
SHA5121facced00d9b95be3ecbe83830302d6150c4853ebf0cf07e66b0dc2b986b559955c1219360f72cd0548a9619e783da36e418cab5089eacbe7f652458343e7316
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50ee5449f25c7094e3310dec25477375d
SHA1a6a34d3d30897f39fbe237685f3e0ca61337c367
SHA2560f6476608cf07f4026af39afde5fdcb0af9dd7a87f42aeecb423a099f040b7bc
SHA512aee4df642a34841e57cbf07fff1dccb9e46a74c429bcba131631d87820db552064b2f07c82ae650dac9d1e986da3a0d8bae523ae41b5a16523ef607d63f9b408
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5c82d1dfbb7ff2d71fc3ddf8e67426ac0
SHA1f2306a5892faa88c0980a36b15ba5983d61556c3
SHA256c90c4fd2365ecb177c1defc7ad700037028de3c7a0cacd9d85936c5bc20421c2
SHA51241b819188c1e21673edfc6b83c980c897396b1cedaf9246c144366dd9ac40cc3ae73afdbc47d03c1bcce882668f64bac91b1e319ea89c13844904d71880816f0
-
C:\Users\Admin\AppData\Local\Temp\7zO4C37EB2D\Cheat.exeFilesize
413KB
MD570f255604c98fc3d15c0430315321691
SHA1783670eb4cc0dfd7e071668781863ecae4c3400a
SHA256d8ba293e3680f84b3b938b7861eaf4b79050f35f04cf323b9d6a5e72287451a6
SHA512c2dc8a23d51bf8de637440d1ec9cb4f103c05bfd733d6f21996b928df18eb5c1bb3ad939ceca7b9a611bb9169ccb4c8d58a933d21e9ec15a55cd96064aa4429d
-
C:\Users\Admin\AppData\Roaming\d3d9.dllFilesize
441KB
MD50ced892dc6737e283b6ed7822a38cbe0
SHA10917bd1f076284bbca1636d376db16336932fe67
SHA2564a9625fc273f123e07b5648306082d8a1156c3ecfb935e16d834ace2ee4b93a2
SHA5124835af6206d82a49f8b96133c6af41bfca66788ba1a90b22e252f733fa2bd82622012d5749b36cada5797e9ae07dc00a097300e0bfcc1d45668214240900c537
-
C:\Users\Admin\Downloads\Solara.zipFilesize
13.4MB
MD53583890b21e03be6f626b0bcaf1b802c
SHA145f21c5b402f125ff955839bf25b1e17213078c6
SHA256333d63bc9676159ff8a9d18692a18c748ff74631a9e82f85a0536626fbe57c1e
SHA51207e90b33f3dcace4e5baa7b0dd06df638630dd657ae7a719be9d86265be5c08feaca13f69e95654920acb9d33d160bdd30075e6e77075e9814810ac9304286f0
-
C:\Users\Admin\Downloads\Unconfirmed 603930.crdownloadFilesize
1.5MB
MD5f1320bd826092e99fcec85cc96a29791
SHA1c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a
-
C:\Users\Admin\Downloads\winrar-x32-701.exeFilesize
3.4MB
MD5547e29c3d612a26d41545a31e6bac6c5
SHA1939b73086c7c622e86fbbc1050d8cd407cc0beff
SHA256503d7256ab2198b774c91da1e100960b40d333bcbd1df0bcaea68cfed3f2599e
SHA512b04f136e6075c661230b9a01ab3ec94c1b5273f2e824947721c8cfc51468c51ed63513875776d59e665a50218e370d767e392ac3d10db0e385663c16ca361d7b
-
\??\pipe\LOCAL\crashpad_1984_JEUTNYDJFKJCQZSGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/6184-1441-0x0000000000F20000-0x0000000000F92000-memory.dmpFilesize
456KB
-
memory/6184-1442-0x0000000005780000-0x0000000005786000-memory.dmpFilesize
24KB
-
memory/7272-1471-0x0000000000400000-0x000000000045A000-memory.dmpFilesize
360KB
-
memory/7840-1451-0x0000000000500000-0x000000000055A000-memory.dmpFilesize
360KB
-
memory/7840-1453-0x0000000000500000-0x000000000055A000-memory.dmpFilesize
360KB
-
memory/7840-1448-0x0000000000500000-0x000000000055A000-memory.dmpFilesize
360KB