Analysis
- max time kernel: 145s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30-06-2024 09:10
- Static task: static1
- URLScan task: urlscan1
General
Malware Config
Extracted
- Protocol: ftp
- Host: 94.156.8.173
- Port: 21
- Username: anonymous
- Password: anonymous@
Extracted
lumma
- https://contintnetksows.shop/api
- https://potterryisiw.shop/api
- https://foodypannyjsud.shop/api
- https://reinforcedirectorywd.shop/api
Signatures
- Executes dropped EXE (1 IoC)
  Processes: 5572 update.exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
- Suspicious use of SetThreadContext (1 IoC)
  Processes: PID 5572 (update.exe) set thread context of PID 2804 (BitLockerToGo.exe)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (msedge.exe):
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies registry class (1 IoC)
  Processes (msedge.exe):
    Key created: \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes: 620 msedge.exe (x2), 4012 msedge.exe (x2), 1108 identity_helper.exe (x2), 4520 msedge.exe (x2), 5456 msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes: 4012 msedge.exe (x7)
- Suspicious use of FindShellTrayWindow (39 IoCs)
  Processes: 4012 msedge.exe (x38), 4744 test.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: 4012 msedge.exe (x24)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: PID 4012 (msedge.exe) wrote to the memory of its child msedge.exe processes, in order: PID 3244 (x2), PID 436 (repeated), PID 620 (x2), PID 1968 (repeated); 64 write events in total
Processes
- [1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/solaraofficial/Solara-Executor?tab=readme-ov-file
    signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1312 /prefetch:1
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13079336565667929782,10911846996049579156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses
- [1] C:\Windows\System32\CompPkgSrv.exe -Embedding
- [1] C:\Windows\System32\CompPkgSrv.exe -Embedding
- [1] C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- [1] "C:\Users\Admin\Downloads\9.7.6\9.7.6\test.dist\test.exe"
    signatures: Suspicious use of FindShellTrayWindow
  - [2] C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tmpo77rvvwy\update.exe
    - [3] C:\Users\Admin\AppData\Local\Temp\tmpo77rvvwy\update.exe
        signatures: Executes dropped EXE; Suspicious use of SetThreadContext
      - [4] C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
- [1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultfc2a337dh5344h4453had88h6ace25b1fbcb
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12229452006895822149,14938112946969090027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12229452006895822149,14938112946969090027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
- [1] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault68b6ced7hd8ebh4949h9cbdh93be50af0b3e
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe811746f8,0x7ffe81174708,0x7ffe81174718
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,8203062735321834337,446760177613559404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,8203062735321834337,446760177613559404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152 B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152 B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152 B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (1 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (679 B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity (1 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf97.TMP (1 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16 B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (10 KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (10 KB)
- C:\Users\Admin\AppData\Local\Temp\tmpo77rvvwy\update.exe (38.6 MB)
- C:\Users\Admin\Downloads\Unconfirmed 569972.crdownload (21.2 MB)
- \??\pipe\LOCAL\crashpad_4012_OLNZXNDCEKMMCBZL
- memory/2804-377-0x0000000000B30000-0x0000000000B89000-memory.dmp (356 KB)
- memory/2804-379-0x0000000000B30000-0x0000000000B89000-memory.dmp (356 KB)
- memory/4744-355-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-353-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-349-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-265-0x00007FFE6CC40000-0x00007FFE6CC6A000-memory.dmp (168 KB)
- memory/4744-365-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-369-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-264-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-351-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-381-0x00007FFE6CC40000-0x00007FFE6CC6A000-memory.dmp (168 KB)
- memory/4744-380-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/4744-314-0x00007FF6ECDC0000-0x00007FF6EEC6F000-memory.dmp (30.7 MB)
- memory/5572-371-0x00007FF6CFEE0000-0x00007FF6D262B000-memory.dmp (39.3 MB)
- memory/5572-378-0x00007FF6CFEE0000-0x00007FF6D262B000-memory.dmp (39.3 MB)