Resubmissions

Submitted            Task ID              Score
01/01/2024, 03:39    240101-d7284sdfc7    1
01/01/2024, 03:35    240101-d5fx4adeh2    4
01/01/2024, 03:19    240101-dvanbsddc8    1
31/12/2023, 02:24    231231-cvqtwaegdr    1
31/12/2023, 02:21    231231-cs7dvaedfl    1
31/12/2023, 02:01    231231-cfzhgadcf2    1
31/12/2023, 02:01    231231-cfywyadce8    1
31/12/2023, 01:24    231231-bsgmraffb3    1
31/12/2023, 01:19    231231-bpzn6afbe2    1
31/12/2023, 01:04    231231-be39ladfc2    1

Analysis
max time kernel: 320s
max time network: 742s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 31/12/2023, 02:01
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
Resource: win11-20231215-en

General

Target: http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Malware Config

Signatures
Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Modifies registry class  (2 IoCs)
  description  ioc                                                                                                                                                                                         process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-771046930-2949676035-3337286276-1000\{E93BA689-A1C6-4B49-A825-85D0DC6BA4C5}  msedge.exe
  Key created  \REGISTRY\USER\S-1-5-21-771046930-2949676035-3337286276-1000_Classes\Local Settings\MuiCache                                                                                                  MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses  (14 IoCs)
  pid   process              rows
  1552  msedge.exe           2
  884   msedge.exe           2
  692   identity_helper.exe  2
  3460  msedge.exe           2
  3548  msedge.exe           2
  4680  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (19 IoCs)
  pid  process     rows
  884  msedge.exe  19

Suspicious use of FindShellTrayWindow  (25 IoCs)
  pid  process     rows
  884  msedge.exe  25

Suspicious use of SendNotifyMessage  (12 IoCs)
  pid  process     rows
  884  msedge.exe  12

Suspicious use of SetWindowsHookEx  (1 IoC)
  pid  process             rows
  244  MiniSearchHost.exe  1

Suspicious use of WriteProcessMemory  (64 IoCs)
  description                      pid  process     procid_target
  PID 884 wrote to memory of 3568  884  msedge.exe  79
  PID 884 wrote to memory of 2920  884  msedge.exe  81
  PID 884 wrote to memory of 1552  884  msedge.exe  82
  PID 884 wrote to memory of 4100  884  msedge.exe  83
  The 64 listed rows are repeats of these four entries: two each for targets 3568 and 1552, and the remaining 60 split between targets 2920 and 4100. No other target PID appears in the list.
Processes

msedge.exe (PID 884)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 3568, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef5d13cb8,0x7ffef5d13cc8,0x7ffef5d13cd8

  msedge.exe (PID 2920, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2

  msedge.exe (PID 1552, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4100, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8

  msedge.exe (PID 1344, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

  msedge.exe (PID 4648, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

  msedge.exe (PID 1452, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

  msedge.exe (PID 2976, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

  msedge.exe (PID 4940, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

  identity_helper.exe (PID 692, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4880, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

  msedge.exe (PID 4624, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

  msedge.exe (PID 3460, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2232, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

  msedge.exe (PID 4860, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1

  msedge.exe (PID 4596, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

  msedge.exe (PID 4688, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

  msedge.exe (PID 3548, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3932 /prefetch:8
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4008, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 /prefetch:8

  msedge.exe (PID 2780, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

  msedge.exe (PID 4680, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4988 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4788, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  msedge.exe (PID 4784, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

  msedge.exe (PID 1388, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

  msedge.exe (PID 728, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  msedge.exe (PID 4676, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

  msedge.exe (PID 5096, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

  msedge.exe (PID 400, child of 884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,12028938084342370344,3520752983517216819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

CompPkgSrv.exe (PID 2552)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 2144)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

MiniSearchHost.exe (PID 244)
  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
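Every "suspicious" signature on this page fires on the Edge browser process (PID 884) or on a child it spawned, and the process tree explains why: the browser process launches each renderer, GPU and utility process itself, and its sandbox broker writes into the new child before letting it run, which is what the WriteProcessMemory and NtCreateUserProcessBlockNonMicrosoftBinary rows record. The BIOS SystemManufacturer/SystemProductName reads are the classic VM-detection lookup that the registry signature exists to catch, but here the reader is msedge.exe. CompPkgSrv.exe and MiniSearchHost.exe sit at the top level of the tree, not under Edge. The checks worth automating on a report like this are therefore: does every child of 884 come from the Edge install directory, which children run with `--service-sandbox-type=none`, and which children the WriteProcessMemory list never mentions (1344 and later renderers never appear although 884 spawned them, which suggests the 64-row list is capped). The script below is an added example, not part of the report or of the Triage service; it parses lines in the page's own layout (quoted image, arguments, depth digit, ⤵, PID) from a constructed, shortened copy of this tree and from one copy of each distinct WriteProcessMemory row. The helper names and the shortened command lines are this example's own.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of this report's process tree in the page's own
# layout (quoted image, arguments, tree depth digit, "⤵", PID). Long argument lists are
# trimmed; the flags the checks below depend on are kept verbatim.
PROCESS_LINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///search?q=reflection+nebula1⤵PID:884',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler /prefetch:72⤵PID:3568',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process /prefetch:22⤵PID:2920',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:32⤵PID:1552',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:82⤵PID:4100',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=5 /prefetch:12⤵PID:1344',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:82⤵PID:692',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none /prefetch:82⤵PID:3460',
    r'C:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2552',
    r'"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵PID:244',
]

# One copy of each distinct row of the page's "Suspicious use of WriteProcessMemory" list.
# The page repeats rows per call; only these four target PIDs appear in its 64 rows.
WPM_SIGNATURE = (
    "PID 884 wrote to memory of 3568 884 msedge.exe 79 "
    "PID 884 wrote to memory of 2920 884 msedge.exe 81 "
    "PID 884 wrote to memory of 1552 884 msedge.exe 82 "
    "PID 884 wrote to memory of 4100 884 msedge.exe 83"
)

# image (quoted or bare), arguments, one depth digit, the arrow, then the PID.
LINE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+))\s*(?P<args>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
# description, pid, process, procid_target columns of the signature table, flattened.
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")


def parse_tree(lines):
    """Map pid -> {image, args, parent}; the depth digit says which earlier line is the parent."""
    procs, stack = {}, []                  # stack[d-1] is the latest process seen at depth d
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed process line: {line!r}")
        depth, pid = int(m["depth"]), int(m["pid"])
        del stack[depth - 1:]              # back up to this process's parent level
        procs[pid] = {"image": m["q"] or m["u"], "args": m["args"],
                      "parent": stack[-1] if stack else None}
        stack.append(pid)
    return procs


def wpm_pairs(text):
    """Counter of (writer pid, target pid) taken from the flattened signature text."""
    return Counter((int(src), int(dst)) for src, dst, _pid, _proc, _idx in WPM_RE.findall(text))


def triage(lines, wpm_text, root_pid):
    procs, wpm = parse_tree(lines), wpm_pairs(wpm_text)
    children = sorted(p for p, i in procs.items() if i["parent"] == root_pid)
    root_dir = procs[root_pid]["image"].rsplit("\\", 1)[0].lower()
    return {
        "children": children,
        # Helpers Chromium starts with no sandbox at all; on this page that is the network
        # service, identity_helper and UtilWin. First place to look if a helper misbehaves.
        "unsandboxed": sorted(p for p, i in procs.items() if "--service-sandbox-type=none" in i["args"]),
        # A child of the browser whose image is outside the Edge install tree would be a
        # real finding; identity_helper.exe lives in a version subdirectory of that tree.
        "foreign_images": sorted(p for p in children if not procs[p]["image"].lower().startswith(root_dir)),
        # Children that the WriteProcessMemory list never mentions although the root spawned them.
        "children_not_in_wpm": sorted(p for p in children if (root_pid, p) not in wpm),
        # Targets named by the signature that the tree does not know (none expected here).
        "wpm_targets_not_in_tree": sorted({dst for _src, dst in wpm if dst not in procs}),
    }


def run():
    return triage(PROCESS_LINES, WPM_SIGNATURE, 884)


if __name__ == "__main__":
    for key, value in run().items():
        print(f"{key}: {value}")
```

On the sample above `unsandboxed` comes back as the three `--service-sandbox-type=none` helpers (692, 1552, 3460), `foreign_images` is empty, and `children_not_in_wpm` lists 692, 1344 and 3460: the report's WriteProcessMemory list stops at the first four children even though the tree shows the browser launched many more, so the list should be read as a sample, not as a complete record of which children were written to.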
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5:    05ed8d7350c6abddb2413582af13b728
SHA1:   98b3e6793352038355ee54fc58828e5ca1cf0f77
SHA256: 878b0ffac96b1428cb415ab15b289258dcf9fc175ac2571622e4dc1219f32c01
SHA512: b80bf631b56588daf08570c05aac9a67cee414403149c223a005a7dd9c81b5e8d4c6f175815106f039d47c1bfef875ecbf65efba106d5107b137f2aabe446058

Filesize: 64KB
MD5:    d6b36c7d4b06f140f860ddc91a4c659c
SHA1:   ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256: 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512: 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Filesize: 69KB
MD5:    c33c3755c9bc5c370e51bd72a524da35
SHA1:   7b4d2ef2b5e0188562afcd4c87060a809a7d2919
SHA256: e30aeba2b555fe999989e290128024451d7b1bccd13060ce16990a39937a3113
SHA512: 7c656b1f7e9806208c87b1f22d27f07f400c5bdd3fd258056a4046c7999d4f83f6c473800b09e36450eff9ff9dd86d045eedead515aeb4bdb55e9d9889e90de5

Filesize: 23KB
MD5:    b7f2753a2d9eaa78ab31f64052a1e132
SHA1:   0f67da6d1e4e4cd474ef4168d1296d6a55de0a1a
SHA256: 6afda9f7927a4986d4b4760c1da41074295fad1232b5130a9005474a0f5e3e4e
SHA512: 587794699751514a0d8baab34a898be8cd5bec6fbba246adcb27416c3762aa63099e2dc5780669c09a7138d2eacce550bc5f3776b45f44fc2b676dce4dead432

Filesize: 19KB
MD5:    76a3f1e9a452564e0f8dce6c0ee111e8
SHA1:   11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256: 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512: a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Filesize: 63KB
MD5:    710d7637cc7e21b62fd3efe6aba1fd27
SHA1:   8645d6b137064c7b38e10c736724e17787db6cf3
SHA256: c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512: 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Filesize: 85KB
MD5:    45a177b92bc3dac4f6955a68b5b21745
SHA1:   eac969dc4f81a857fdd380b3e9c0963d8d5b87d1
SHA256: 2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb
SHA512: f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

Filesize: 1.0MB
MD5:    7d8d1f5f623293bc2cc19dd0745835cd
SHA1:   c7391938f1fe2a5dbdf25ef880c82aaf2f0b6ae9
SHA256: e78864526098e567cb551b450ab864e97afddc26dd16d22a0b434fef84c9ba81
SHA512: ae4e727ea7dd57ca233b38d719f5039fcad01c7874139189ec772ff155a35db6bc5ac8e84456738ac95d0e8c20a78baf12f41643d8b300c154e90ec9bafd4af0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5:    97daa7c78664c086a08d2a960a31a927
SHA1:   9c410718030896ad34046ba29e731f33fe6e2526
SHA256: f245a06b20d37c81ae30c5801670ca2ebedf697a31f19fb6cd022478bb79be5d
SHA512: 0ad41d255d2e33a43bc06c8224d8734403b46e2f87a6668becffeb48b8c55568e2717d99f62e91d219c2864ce4a522198df8c9d501ab2a71744af6d78069ffe3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5:    38844a51eb030c27d019a4af60023a1c
SHA1:   fbde987e2bd7634bf153bcea262cd4111886959f
SHA256: d5a0d3ac8de5d3eb65a2674e99de1e6ff58f6154ac23c0fb7bde1e4270033226
SHA512: 243852b84ac26d529d4b2240adbd1696ee8bdac34ca0d4c955b58d6ad8e1058d72a3369afe000d851e3847127db08c915e2d3a9d19345d775e087a53eebb94bc

Filesize: 2KB
MD5:    1ca4d726ee547e87c2f91fc8e8a216d6
SHA1:   edf69dac62d5d1ccbbb77792ed72b52c8904fc39
SHA256: c143062f1ac46037937edb8362df077abf938eccbaccb877cea20ac633f7b2d7
SHA512: 931bb2f868a485bf14a15cc3b635e775dd4270ce0cabd92d31a1524b1b56d6793f0dbf2509caf1fc5d7c31a6a0de77a09569d37b5888bf28fa6ddfee129f1c9c

Filesize: 398B
MD5:    3afe89e5d880c04758d9dbeb945cba07
SHA1:   61f1a5d4a1112ce26c0d2731bfebc0d2e3bab56d
SHA256: 6c028ff13095386c526f56159c6cccc6a9d33c0b1ededd9273bb31518e66244c
SHA512: 445f63744bb9b86356d33c8908087bff08e773f210960cead5d214f26076659637c3a22396337677cfe0f4425bdac24564eeeaee3a8b46028f8c28d42135fbfb

Filesize: 111B
MD5:    285252a2f6327d41eab203dc2f402c67
SHA1:   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 4KB
MD5:    f6bdb42d58d6c89145431c30f2e2a480
SHA1:   7ecb008279193e791ca2d7c600299673fa317446
SHA256: 6d1b7af4a7f96b8522552f897f248eb5a74f88de83a160674c31e139b77fedd7
SHA512: 4820de95ed728fa203229a1c3d6448e762e37ab2fb9b23f438d91c0822184e21f1451cec1d1c7a916af93467ef6c5a6c2b977eb2022544370aeea65b7e0107af

Filesize: 6KB
MD5:    e36fc1ba532bd99360751829af9359d6
SHA1:   725498cdf071cff6258e2cbd87a126913d9ccdfc
SHA256: f1ccca6fab3237d93f7a975f796970f1f31fd7794cf641f480cfba9200a31ce1
SHA512: 3d0546079b0151fbd1b82d287f48657942c41d681bb3af19264222672973b89fd90cde7cdad7cb6aab2f4fb59c86b29423da035c6acf902a4166aa7a521101d1

Filesize: 5KB
MD5:    be0754bafe376a3e2dde8d0e31b2d238
SHA1:   ae6dad955387ec6ea3689ed469fcdd3013936e60
SHA256: a97520d9f4bc16ab595e7a57f11a938c07ab816336c5ff3e4bcdc1150e7911d2
SHA512: 81b3c07d39bc6fe583fbf7b543cbea39dd5ebc6dee5f0cee6389755cb7cea3ffb7f6d06febc41557f1ec1e3c282ce4a43f5d23d602d259d1b61d8c96ecc7b087

Filesize: 5KB
MD5:    cccc98574011a33ae8f1f5d14661f7ef
SHA1:   3e5e65102ef945ca99d1d2b3497b97acec68c5c2
SHA256: cdae18aa37e438905db93174a3fd42992bac5f0ca5083ce0dc0c978b4a46ba67
SHA512: be2a00c096b040a474e564bff1aef34f690319bd10bf2f36db4e2d230e04ba9a12936be98bb59be769e0039da71ad6ff4542e856d3e3a747eca0719e9c64832a

Filesize: 7KB
MD5:    dbd537365a4f15713a3cbb99e43e28d3
SHA1:   4845ce8f5257a128cbc55ab77babd542f8f6a47e
SHA256: e76c1764b79b029591f64d47177147199f1c8919ad27654fcf2e586bda5608d2
SHA512: 9ad5704ab0628028cfc6bd765a3bdf76756c076d598d1848fbcc796dc55f034d2045de3264b075a95cf2439fa9bda6af18cd2fd49b32480df6c51debbdffac3d

Filesize: 5KB
MD5:    8a85982d2054f7a00bda4199fa228c25
SHA1:   adb1d3a556ec0a5e1e34bd2eecb5c121a3a490a9
SHA256: 8b5fc957deafbbc0299f75a2591d2c652cab3cdf75f02cce7f20fe29494728be
SHA512: 146a7d9ec6081108423411d7ea7ca9f4f40cda20b81360ae9995e732e1b9fb7545d7884ee5e98ecdea5e3e3447128beae38ec0b28dce87d54042ecd8d8e638d2

Filesize: 5KB
MD5:    631ef2d5445bba330c2ae8d9356ebaae
SHA1:   b5397efced98081c5d4b8e8044fc09073e92d5ac
SHA256: d8cb2dfb45ad6fe48aff71121c2f03f3fa43a144c166c3556a294727285d3756
SHA512: 591f946f2686e82153ae6952ad938bd30fbd527f1e2f5811f0583fc612caea3023875b844b47edbc288bf51089cbfc92845ac3631afdfd92e8a21ccaa34e660c

Filesize: 6KB
MD5:    903e3ccbfe19ad78ce6faa169d264f92
SHA1:   a7f79b37c3861fb5046293d2f0774f4e1c71744b
SHA256: 05ab9daf95b245c9323debff164899db3d428b323d9be2191d97053683ae74a1
SHA512: 406cc491002e694c6904e30b37695ea662ec7f27b4e244d6607191781469da80b8d1e06b618e1bef33e9c68866352a8b8147cdcdd8a316bf337c9b86fc9c0fd8

Filesize: 25KB
MD5:    3da3cf652acf7e0fee298963e8cb77d3
SHA1:   8d35e8ba0767c10324335e8fc8f5c422ece4e504
SHA256: 9b436ba7a14d3947bfe73fa9bd581f6fbf0acbf26e97a3a54d6d032d19f8cf64
SHA512: 89e9555edd366fedaf79bf4c6da816a69fb220c987337369511c4422034cad486338a261eb6954d000dbfa636c969d04b65de62bb6df9c023ca5e11c892ee83d

Filesize: 1KB
MD5:    bf32fe77e92d389339f396f3e6e4e862
SHA1:   8dc7f0296f16d3bf989dd3f4b97702b8fcb06491
SHA256: cadd6bcda89b733817b999253d2a17e50dc301f32148700f1a9223486342b348
SHA512: a5bf37f8f8a6613e656c56e809aa271d0ae10caebe67f291c3c4602cd61ff1fdf6c2199977516812abbfbd5baff09482b820c16d56e6a6edeea9751a408a0b67

Filesize: 871B
MD5:    7d7794ab827247ec4436ae1e4c22017e
SHA1:   2ca9264cc4e8e876b2cec63c24d1d23fae41174b
SHA256: a049ad48b68ca628d9771588156bed3e18f9c4e878740180a6c685635558775e
SHA512: 92c34259f0262dc1b837d177252b42bddef3ae0c823abbe6cf054c32d7c00759bf53cc79228805500f00c9c5313704f6f169a4c2528505d80df0fd0425d30383

Filesize: 1KB
MD5:    c083447f2fafb7668a87223f990cf2fc
SHA1:   2a049ab6305a72f6e1ca49dd20f611a9e1ba2ead
SHA256: dff27c585b79b35de7da522607fc3366740bf37ce68240a79bf259334ad2a88d
SHA512: 2cc26470bec69f010117748ef51ac9b2b62b155532fae52dc5d5a410620acf6a8dc019615251c0993f52aaed34ea80ce1b5d16391bf9ae3df0460a63e2aff679

Filesize: 536B
MD5:    f6ead64328b9908a9e6b0e9226543332
SHA1:   6d7031b6947addd9203eb2a6b06388ae7eae1055
SHA256: dc4063e24056379b599a93441788fc05719db651d8d31c37a664fe9ee7da4929
SHA512: e01fd5add889c2a2eb5518245b08a66526eb158c556c1eba070a6310c62d6419919fd68e6bbe97e67785f1b93bd474e4819e6c5875a41638e69639822e5b72b4

Filesize: 16B
MD5:    46295cac801e5d4857d09837238a6394
SHA1:   44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5:    206702161f94c5cd39fadd03f4014d98
SHA1:   bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5:    cabea521b07a69faf9ac72a5264bafa5
SHA1:   5fc24fc0d79fd2f9ff0db48ffb8745e9cfeab6b3
SHA256: 8d00f8a08760f5e2f037418b41b0ab3b5e191b6ce7b8e57b70c68ee5683c55c8
SHA512: eaf5305c003489e89cb1b5910b3200cf99800e85c672fe397b3ca61992cd6f83e5089e27a91ca4d2b1d3b6e684362bc1614ab53e00cf6ead3ca3299d83b047e4
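The Downloads section is the report's list of files written during the run: the two `the-real-index` entries under Edge's Code Cache carry a path, the rest are listed by size and digests only. To compare artefacts recovered from a host against this list you need all four digests of each candidate file, and a partial match (say MD5 agrees but SHA256 does not) means the table was copied wrongly, not that the file matches. The block below is an added example, not part of the report or of the Triage service: it parses the page's fused layout (algorithm name glued to the hex digest, as in `MD597daa...`, with the size either glued to `Filesize` or on the following line) into records, rejects digests of the wrong length, and matches a file's `hashlib` digests against the records. `RAW` is a constructed two-record excerpt whose digests are copied from this page; the function names are this example's own.

```python
import hashlib
import re

# Constructed excerpt of the report's Downloads section in the page's own layout: an
# optional path, "Filesize" (value glued on, or on the next line), then the four digests
# with the algorithm name glued to the hex. Entries are separated by "-".
RAW = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD597daa7c78664c086a08d2a960a31a927
SHA19c410718030896ad34046ba29e731f33fe6e2526
SHA256f245a06b20d37c81ae30c5801670ca2ebedf697a31f19fb6cd022478bb79be5d
SHA5120ad41d255d2e33a43bc06c8224d8734403b46e2f87a6668becffeb48b8c55568e2717d99f62e91d219c2864ce4a522198df8c9d501ab2a71744af6d78069ffe3
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# Longest names first so "SHA512..." is never read as "SHA1" followed by "512...".
FIELD_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5)([0-9A-Fa-f]+)$")


def parse_records(raw):
    """Split the fused text into one dict per file: optional 'path', 'size', and the digests."""
    records, cur = [], {}
    for line in raw.splitlines():
        line = line.strip()
        if line in ("", "-"):                       # "-" separates entries on the page
            if cur:
                records.append(cur)
                cur = {}
            continue
        if line.startswith("Filesize"):
            cur["size"] = line[len("Filesize"):] or None   # None: value is on the next line
            continue
        m = FIELD_RE.match(line)
        if m:
            name, hexdigest = m.group(1), m.group(2).lower()
            if len(hexdigest) != DIGEST_LEN[name]:   # a truncated or over-long copy
                raise ValueError(f"{name} has {len(hexdigest)} hex chars, expected {DIGEST_LEN[name]}")
            cur[name] = hexdigest
        elif "size" in cur and cur["size"] is None:
            cur["size"] = line                        # the size that followed a bare "Filesize"
        else:
            cur["path"] = line                        # a path, when the report recorded one
    if cur:
        records.append(cur)
    return records


def digests(data):
    """All four digests the report records, keyed the way the report names them."""
    return {name: hashlib.new(name.lower(), data).hexdigest() for name in DIGEST_LEN}


def match(records, data):
    """Records whose digests all equal those of `data`. Partial agreement means the table
    (or the copy of it) is wrong somewhere, so it is reported as an error, not a hit."""
    mine = digests(data)
    hits = []
    for rec in records:
        agree = {k: rec[k] == mine[k] for k in DIGEST_LEN if k in rec}
        if agree and all(agree.values()):
            hits.append(rec)
        elif any(agree.values()):
            raise ValueError(f"digests disagree for {rec.get('path', '<no path>')}: {agree}")
    return hits


RECORDS = parse_records(RAW)

if __name__ == "__main__":
    for rec in RECORDS:
        print(rec.get("path", "<no path>"), rec["size"], rec["SHA256"])
    print(match(RECORDS, b"not one of the dropped files"))   # []
```

Feed `match()` the bytes of each file pulled from a suspect profile directory; a hit identifies the file as one the sandbox saw written, and the `ValueError` path catches the common failure of a digest that was hand-copied with a character missing.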