Analysis
-
max time kernel
300s -
max time network
299s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
02-10-2024 01:32
General
-
Target
https://triage.com
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://triage.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf8733cb8,0x7ffaf8733cc8,0x7ffaf8733cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4920 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,6570866407195689652,3150168563132807458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59af507866fb23dace6259791c377531f
SHA15a5914fc48341ac112bfcd71b946fc0b2619f933
SHA2565fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
SHA512c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7
-
Filesize
152B
MD5b0177afa818e013394b36a04cb111278
SHA1dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
SHA256ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
SHA512d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
70KB
MD54308671e9d218f479c8810d2c04ea6c6
SHA1dd3686818bc62f93c6ab0190ed611031f97fdfcf
SHA2565addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a
SHA5125936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
27KB
MD54aa91eccee3d15287b8f2a01e4254255
SHA1d89f8203934a66b5741256aee086c04f966cc6d7
SHA25679c601189597c9c5691b763f0ec6fdc9ec8339eea80e49713f76e9fe9199a7d7
SHA51246424f50d444aebf1dc3a93607b3a374d3e7e988137e291cd8ec28211d05a687d0b6214b45d6dbfd27608728df6b34138504e3343e6bbfd6e1c0af98199179e2
-
Filesize
213KB
MD5f942900ff0a10f251d338c612c456948
SHA14a283d3c8f3dc491e43c430d97c3489ee7a3d320
SHA25638b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6
SHA5129b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41
-
Filesize
3KB
MD51cbd853d694051af82940a6eb7342af4
SHA1c785fdc96017d33a60a6afc6592fe50994071b7e
SHA2560f6a80bdbd1d4519f87255f6325f2afd235f677c3fc8f65b0838842b4bbf1281
SHA5126e447367a6bcf205618127fc63d7d8f48625615224c5409f78f142e70f156eebf5b62195e35c488374ad3deaa1215baaf6b85f00a63d4b8377de55f48291175b
-
Filesize
3KB
MD5cb5c579a47ed12f0f135f5cfebd95a63
SHA17858a6f84e351f2a8a071eb3d49e2cf724f93137
SHA25618f8d8d0c9fe50dd38096db63aaec80130162ca60b272c326812bd33c82347f5
SHA5120eb3c14b5afa3f3fa61147e2d44c6fbd2332f1061b5736f0ba896127a78770078b5dfde870f598274bd7c17039a404c97e62a8ed2f43ae0b5b522d16483d27c9
-
Filesize
2KB
MD59475df98414dad9e31806b844a2f806e
SHA1535de55f0ebe6f38a7605e7ac8bd1e7ce7c49b7c
SHA256ac144f22ef55e39a792ea155eb2b613ec0c3c4ee10d4c39ef5e5d1e52ba3e5db
SHA51267ead729cde55fcc387e86d292e4215063a8a816d89685657d41c7787f3dc1ca88c1b009c8b2c98f89066d6d4d8d44c6837216c67c8d8a93383a5cec5dbac95e
-
Filesize
3KB
MD5e731601f85effa869002daba602c9bfa
SHA192ca8d9d0f4d23ba1ae6956da937108d2c9ba6ce
SHA25655bbc0feb255cd36de9617487f8349afc8ba93153659cf7c6911bce0f3c3bee4
SHA512190b1c7b1b5f67463f21b8dcb155d0ded0c756b300e6c067730f2fe74e1883519d5ea0f3ef9fc481f649f047f5b345a50dcdf96be8005f892d2c8cb2867a11f2
-
Filesize
1KB
MD5dc12edf7709c967dc80fe14e4b9cb00f
SHA17b7a25271ab8d4d950c4bdf9c6de3a0561d61e0e
SHA256cc3bdcf4141349808f54bae6b22d281ed047d4f4e5fe83c7d0b62206a7abe03a
SHA512c59ac82d3da8f39e4f104b3ef1718706d1ee5e5759fe3072e00eabacc826dae86840c4327cd3ef34b25b429680d17aa5e9d986e015227c530ae4b57894e36f82
-
Filesize
4KB
MD5c6c182f5584e2863318053d155074d15
SHA1ca4f0444f7c5e4a2e78e651aab32e15bc9a79800
SHA25643921d3edaf985a61181cec222270b07478d2ebb86090ea8f2f6129840417a4a
SHA512209025d9ca3370e8999315ce8363f42a5870a545a3ff1b4b255ae420662d5cf76400d51c6589598854552ecc579a80f23b9a6f5a2fd19dbe4487d84604ca64ce
-
Filesize
2KB
MD5180bb4f8bb8d5918792ef24855c08a2a
SHA1b51315f6ddd2071a32b2cdbf1810bb6a6ee6e919
SHA2564c53a11b1186230bb188832dd590325d616939c09c5b585e042cb5b98a857e32
SHA5120ee286fd681b89f3c675a30fa93c9076e39554412d5db1c6303e57c11a74d8dd168ac6de7030bab3dc4906cb40435aa063fcf19a9b38fd5a01a0a596bf3ae7c0
-
Filesize
3KB
MD507f2e6e90f9540fbd62fedd9f03213e8
SHA11dd8c4ed7e0acea5e31ae28696183a321ffcba7a
SHA256575952b5ec59e2db00937b5d0afabd0e4d58b09e738e5ca81a34159e8da19166
SHA5124fcc55209225773f9a26b7470dc0378d6ea0ba0eda009fc33cf39385dfd7ad1660dc71b2902fa39526fbddb58e2cfbc2175ec226ab6e2594171dff17e6dc50dc
-
Filesize
5KB
MD500c1f2d92f4640e19e94b813205ee3a3
SHA1f513f79fdf49a242b1db6613f8d21a3ccc30950a
SHA25649b2b4957227ce33d67b18a2ff3c21e8f5f12a4034a86f6b8e2befe8516968a9
SHA512a531b719ba7f270f0db2163d2a06a2bf4e4f1c0bec1f1b5b6fc6bb6de1bb0c3d808b6009bfffe6a93a69bf130fd51572affb4e6207c2b6442adf2e9c381829cf
-
Filesize
5KB
MD5c319b2b5738b4ad8b29a3fe7e9edba35
SHA128fa2e97fe9cac964f9be0f20b2294b12937170a
SHA25650b4ed319971bed6cebb22aa62d2c3304832f87c358e69ce7dc80ca1667a0415
SHA512a648e352bc93bb9c507f8afc7b3994b40b126b19adfb01768ffc5360a699b7b744b58213c5fb3e982682b783463c593fc39890ac309c354a21997ef6aef15fe7
-
Filesize
8KB
MD5ec1eb5a85fb1ea3bdb7843e4cd6a2e39
SHA1119dad76dd373136c085d01348ecedd46003ee6f
SHA2566f34d7aa55d8a480eac64c0f7b53de6b89ec656b67356c07ff23b92295afbd51
SHA5129c815e554ac81f1ccaea8ddc67aaa0020440d5f576a2a490a66f58571cc04d4253325bce1d610622d6e5c10b69686f5ae5fdc0e1faabca3b0f17c1de14f411f4
-
Filesize
9KB
MD50c5347d2ca0704ec3dd47e1a83a7223a
SHA1b016ab7e6046ed6e7adb1da045bf074b349f40ab
SHA25624ad35f78188af598db721ebfd9ac13ed21ceccb6e16c512d1542a309f134c84
SHA5123012990e944da0e1af8f92cb5f209da7b2c6a2a7877e3529a727bfe12dc428b8ac2b00069788964cbf120d1ff9ec943b0933849e741618ad24cf1a749a4423ef
-
Filesize
7KB
MD5849060b410954d62af4fc4305f0ca4a7
SHA1ca07cd4fad37fe93754003f97e1810223c39ab26
SHA2561efaea3be86fdf559e0668ec5519e4a23e5ec7fba4441fcf8310810ff60564d6
SHA51246c70b1c3b8cebb15d4b4c9b95027eaba6639803e031414e5dda96613cecddd3d9a09e74d0e05846e319fae209259c1b406646602854a04278a683fb729a0049
-
Filesize
8KB
MD54c3e025336e0690e3042508e3463994a
SHA198b1ea9c99eb2e763cb2c21de5d1eb3190dae007
SHA2568a2421a5ed5b065f7bac2cfb03acb777a4d1532be37c500c8e09d9741f79ae0a
SHA512aa8be1546e5c2c3de195b74ff5ce8a78a032aba323dd8a85ca05197f2a5acba5d27c1967665a3cd79a8f79a2a0ecff0b11f459e320701f612765898875b76850
-
Filesize
7KB
MD581ed9ff07661d6dc915e87e243effc74
SHA1063aad166ee5e2c5c6a85498d7f5386c9a620f36
SHA256f6f21bd3c60d1dbdcebe118bf13088c912b5a09ec9f4a1bcddb139fee2792415
SHA512c514ff4fd975e98b1d7b2aee2fbc6f1c3b2d66d0ad3e4d4693b2904d027ee1f222f3f0dcaa778b61fe7d67f0ea563e05a31a1646db8aa4c07cd23fc1918b848d
-
Filesize
7KB
MD5a5c49ec022a59bd245ac659915539f0e
SHA11f2976b8515b1a54adfddf3d95c9ea0d78ac2bb6
SHA256fdd0b52b97572145fc88be340927cfb52dcd4771f1f1fca83534ff489239cc48
SHA51207e04bb8dc62c6f3a916a1f5614ea628554e28d8e0cdbd3b3703ab19f86c6af97bb06c365717b6822be39d4e8709529e90b0d16ea8f42cbfaba650fab7aa567c
-
Filesize
7KB
MD5629bb67f264a0752975525d0bdc1a421
SHA10422f5e09c8a2d65dbde5aff38e2be02ee510b19
SHA256f7a5b02435d5f1cb9ad6253d163679fb4abcebaa166eee095c24d92fb482c172
SHA512d06eaabca0108f12c218b7059d510ccf82d4f280da13dfce426755b38a064f8143343e99c7eb85cb616161894bd3550b1abc83c3d41d28abb02a521747ed90ba
-
Filesize
96B
MD5e9d2fadf5979aa46dbcf99be617ccfd7
SHA165db0f2c1d738e5a6c4734360a5c143ac4639a17
SHA256082d0cc7a56a23ea842f595b9125bfee2554a144271cc72e24e78fd0692fb56f
SHA5123d4faed4a9f84219c69b5f5f26dbe232a91e92a5a559edaa5607679e420e985bb0e85d1e72a70d329e6a056a1a38153053473cc363d33d562f00256b4e35ed46
-
Filesize
48B
MD54576b34a3ec8f5404d01ef06d55afcb6
SHA1c72cc2781a003571f69e9da80c1cfbced136d342
SHA2563c63b8ad47b070da29093563d5faa691df69b4a0eb95624b326edd3ec9ea8506
SHA51217edab8fa5447b368a2db663e3a53b8b351dc1053cd0c213fbf8b65ff48b59873cc6cabd9d311a8f69e076ce2dfd4383b413cb10c5898a0ba274d4493a5b1a07
-
Filesize
2KB
MD5510340c620514f5d4c49640ada210fdc
SHA16ad8191dea62878e2950d6ee136af82bc0a92125
SHA25696159a4b36095b0dd14a06263654a3400779eb5a71dbbce34045a5b8a875e554
SHA51209829d5019df566ee9b51f3e817e931110cc66ae888c763046f90531519371ba68fa3701a706b0d0d0c2c14b695967dbeebe495aa2c57610f478b1496f8e6380
-
Filesize
2KB
MD5f03d5289dc782a5eddb1c9b69cb396fe
SHA17bb7ce91d338763c46151dbc881f137f82eb7452
SHA256952945b187fc85f046790a63b6395cc35922aad7a802d1cba502d5308cc2a559
SHA512baa967e7343b18342829dda29e8a72d3689ea4fce951c21bc888cc86e55e81ec4f1c68d78e5f93e49e86ebbf5648a4c45c871bc3a9d3ea607946f50dd4ac83df
-
Filesize
1KB
MD51a63f2ea3c2269f24a692444227cbcb1
SHA12529fd4bbab77cc7b8f229856e9abe8b17294017
SHA256061658fedf4eb5e61c2c40881f3de5b2f8233aa1643df80591e2e21204ee23a3
SHA512df4cba349f56ad618fec79270c6d46c8eef1aceb312a6edbd2171711ca1eaefbfeeee38a30aec064a8dcd671a84f28c0ad7bf3cc77706a392bfbed72a7716310
-
Filesize
2KB
MD5c7d1758772c2f563a8a7afe8c8b926a2
SHA151ee0dc2c876e8d0ebe01e2f1bafae28ee071ee1
SHA25616a97afea3f9368bd3529ac864e8ad9052676c2a23dc444d6ac637c611ecbbd9
SHA512cb1428048d3f70f2a419a397c3b5fdcc2083c2c590e5bd473ff1f1a6add60e7431f82ccba5af9a16d3d30c9e30c0b57f091dbafc9d11b1200a40c2d661ecd9ae
-
Filesize
1KB
MD528cf827554b3fa6b623a4f039132f947
SHA12b86b37722da1d4be5f046ce480361f13f35e1da
SHA256352374e3a528cd67361eb96be931168284d097657f2064a207314251a0d6aa79
SHA512a19aac78e6a8f41b0a29857aaeb599e57cf5f125ac3321ee786837f82e1305fbc91b97d20f988c65d9e3798bbe9ab7ed845208e7d3a2431f495805a1a766695c
-
Filesize
2KB
MD580245a9f234dc727be2fb7706f2fa993
SHA1e8dca0340628756a3027c82c37d548a3dab27aa1
SHA256db1f96a849d5d894001228332b0702307891db4a15604e054b1a56641d06624c
SHA512c2c65576d28dbbed9eb280b9b548b99758a90869e5b6a4d798fc1ae454b4764f5fe29a576159c3f6da607b25d8a59ac26d9d03dd4ea004850348687df7cbc9b2
-
Filesize
2KB
MD563a4eb694a6762194230e312a61b808c
SHA17a1d56ffa1dd6dc19a81d897b95a586a52b40486
SHA256f9a13b5b94decc7a42b7e610dbf420ae7fa96dc4c645464e591b7301b76e227f
SHA512f2cf81f6e45d04e27cc92008e83a738c34a3f54767b8e55cf5a1a760015b2199fb09fd4d8616f7f896f670e7b62f334d224bc8c6fe8e179df5aaf8b1f0a5de3f
-
Filesize
1KB
MD5c59bcd187795c89d43663166b19da49d
SHA18a164396fef960e1bffce9b63d27ad60beba68c0
SHA25602936e5f8728522bf7fc0ed1c3be02bc6b1939ee9f2cdadbb3b9a380aa6383ad
SHA512f49d7656dc32903ac05260b7937b94e2740748eba512123b56a0b3cab4f745d67775301bfb062ec491e9af45ee691ce6da5db7ac32ac31233487f264182f677e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5b58cdb47f40b2949d59a5538704fb061
SHA1c9590c29e50433ba927a6a639397103e8705869d
SHA256106b6c33017b886d62638cebd741b71076f3a5d9066f9ddee18b2187ae7d4ca2
SHA512e32c6312a0c90951f0827eb534c2220084ef1f17e7a29bb338b331a925530fd82091534771844ce2e04f624553f441a59e04f40c998ae977e1afe287be3aaccc
-
Filesize
10KB
MD53ab92fe31fa04fabb64d3852b0b63a2c
SHA1c29cbe18acd93a021e48df1634140c2ff98393c3
SHA25672048c06022d007599cbb1674bcbeec7eed66cba22df8a8b76400ac21fa39a46
SHA5126f1dbdf75202fb6553443293119de6f60696dcc43664b7807a6511e5115fb853cae133a7f4de5097718a8a1d4e759c0e449e6c3ffb7a4f55853503572dcd15e9
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
10KB
MD5240c02df7134be28c8b78af5e2f8e0f5
SHA1cede4906d3aa16b9c84a7ab36526798bc7f92944
SHA2569c68f76ccc0029532e6479ce531815bdd06d575a048bae92967c24687ed2e1ed
SHA5127d245fb7f991fe317b58c0f150f804854f493032490f02c9ec9d686bdb30169fb4f7f7d24c241e0a30e5092b15a562e01ae7bc9a80020e053ac8de8a6810a987
-
Filesize
14KB
MD5bba52d7f53ab3ac218eeb2a939b9cf53
SHA1c4ab544fae4b9e44cf32f77e8453a1912463df66
SHA25610c1808f82b05225d05c58d9136c399fd1a68a07bc0de95d66f7b1160fcd7ae0
SHA5121fc6950eb645c390d73fdbb5e757bb850a261438b039e1a57b0c67678d498b922027ce2bbceabb6cf97bf3f06a1a07fe13603f5552d2e161df17242d39eeb82c