Analysis
max time kernel: 274s
max time network: 251s
platform: windows11-21h2_x64
resource: win11-20240419-en
resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 12/06/2024, 05:06
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://thunderstore.io/
Resource: win11-20240419-en
General
Target: https://thunderstore.io/
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid | Process
688 | msedge.exe
688 | msedge.exe
2680 | msedge.exe
2680 | msedge.exe
2168 | msedge.exe
2168 | msedge.exe
3740 | identity_helper.exe
3740 | identity_helper.exe
3464 | msedge.exe
3464 | msedge.exe
3464 | msedge.exe
3464 | msedge.exe
Suspicious behavior: LoadsDriver 6 IoCs
pid | Process
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
672 | Process not Found
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
pid Process 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe 2680 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid | Process
4464 | MiniSearchHost.exe
472 | OpenWith.exe
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2680 wrote to memory of 4884 2680 msedge.exe 76 PID 2680 wrote to memory of 4884 2680 msedge.exe 76 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 
msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 4060 2680 msedge.exe 77 PID 2680 wrote to memory of 688 2680 msedge.exe 78 PID 2680 wrote to memory of 688 2680 msedge.exe 78 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79 PID 2680 wrote to memory of 2496 2680 msedge.exe 79
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://thunderstore.io/
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2680
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80d903cb8,0x7ff80d903cc8,0x7ff80d903cd8
  PID: 4884
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  PID: 4060
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 688
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  PID: 2496
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  PID: 2284
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  PID: 4548
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  PID: 1348
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  PID: 4432
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
  PID: 4368
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  PID: 3316
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 2168
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  PID: 3620
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  PID: 4648
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 3740
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  PID: 1656
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5428 /prefetch:8
  PID: 2356
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID: 4836
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  PID: 4596
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  PID: 1164
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  PID: 3876
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  PID: 3192
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  PID: 3980
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  PID: 2768
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  PID: 2808
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  PID: 1916
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  PID: 4052
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  PID: 1532
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  PID: 2168
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  PID: 3296
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4628 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3464
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  PID: 448
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,13202008527582692948,1991758622680999168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  PID: 4992
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 2964
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID: 4344
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID: 4464
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
PID: 4300
C:\Windows\system32\OpenWith.exe -Embedding
- Suspicious use of SetWindowsHookEx
PID: 472
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize: 10KB