Analysis
-
max time kernel
823s -
max time network
449s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
25/03/2025, 08:25
General
-
Target
https://teams.microsoft.com/meetingOptions/?organizerId=1aa03086-a185-4f6f-832c-48b650f0e123&tenantId=b248ac42-6410-4824-a777-ff6c6620c785&threadId=19_meeting_Y2QyMDMxODEtMDY2ZC00ZDcwLWE4YTYtZDVkYmY3ZTc2M2My@thread.v2&messageId=0&language=nb-NO
Malware Config
Signatures
-
Detected potential entity reuse from brand MICROSOFT. 1 IoCs
-
Drops file in Windows directory 9 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://teams.microsoft.com/meetingOptions/?organizerId=1aa03086-a185-4f6f-832c-48b650f0e123&tenantId=b248ac42-6410-4824-a777-ff6c6620c785&threadId=19_meeting_Y2QyMDMxODEtMDY2ZC00ZDcwLWE4YTYtZDVkYmY3ZTc2M2My@thread.v2&messageId=0&language=nb-NO1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x26c,0x7ffb0b1ef208,0x7ffb0b1ef214,0x7ffb0b1ef2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:112⤵
- Detected potential entity reuse from brand MICROSOFT.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2452,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=2468 /prefetch:132⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4132,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4148,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4272,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:92⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4192,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4152,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=3788,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:142⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11403⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5280,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6368 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6332,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6484,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6452,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7136,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7436,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7448 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7048,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7068,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7116 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4200,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1632,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7748 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=5776,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3532,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=7700 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5804,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:102⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3364,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,11442151724065354074,2310598154725034617,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:142⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5046b1cdbd636e82e7711ea1fde31d7e3
SHA1f5fa4183cb259a99b4148ee957a5f76e80a77ada
SHA25640328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a
SHA512460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4
-
Filesize
280B
MD5cbc9fc2d9ad2df85283109b48c8e6db0
SHA1721ea0dfafd882d6354f8b0a35560425a60a8819
SHA2567c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe
SHA51209594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609
-
Filesize
4KB
MD5bd0d7c5397ea6bf4188cf70e0e19de90
SHA1476e308dcecd079f56e34ff241683459aef64938
SHA25602794a71d213dbc0ad4457e7e1a7ba2628f97b44a6564a3337fac59e8502737b
SHA5123e93477d2a2881eb95fb8c06913cb752dc272f593a11e8fe8c6796570b2c1f60c7b918cc682777baf413ba2b9eadaf0a62288033dfe7ad227ef0bdd8c709f3f4
-
Filesize
4KB
MD547d41bb4c20a718c3624d6c819e04b38
SHA16f54774498b45e6b309a0e655f461046f5d597bc
SHA256a2b65d9807a1b10187101a066d776cf027d5931439b1cb38ff5051770d246cc5
SHA512c8f29b024eccce0c394954ede1f6a5d128815f9455106945adaddda28bee3d429e7e6263219f29f681d70b47407044d8f80164271aa18bbd5bbc6bb9352692ab
-
Filesize
3KB
MD5bab474e15ace37fc1e8646e4e2064ff1
SHA1b7c5755b17a4d976d5aa590163a0d917f3d13387
SHA25648ecf309c603565bda50215373e890bb6c561599e2463554c293f3b3eeb2346d
SHA51223402fa61e804568ea257a0ca3e8c50acd167ee4b8863ca31b81a5dac1837c28a95354de00b6a3fbe1082b853ffe099fdb70519fa3d69d9823a4ca556f299b47
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
3KB
MD58a3340f83cc0c1479db580f82aa41f87
SHA1dbf379835da7af3d9c979ca42e9f31e0fee64c9d
SHA256e7dc568e3efa60149c6334d53fc609c1e34ecb7898bf2f5f4aef1e878788d51a
SHA512c4b907bc3cb65ebf484b8df7bd4ebf9792e13c06fd823ef25761143a8fc11e839704c221f402e6209dfbfa7ed11078c91eceb26ee254c2c263a7a729263a4ad8
-
Filesize
3KB
MD5d4a10b6be42382a9292f3fa5e0bf1875
SHA10099a443f00f435ebb73d12a5e3e25059845d39a
SHA256a50fff7159a70fda5d77274435e5914b954be12a667b2519099cfd7096a9127f
SHA512666015d74c6fc3e4cd86c737abd3d09f1db70edb17f3afbf8aae2fa25dfe18db805083a7ef09a05890a58a2218d541c98b4281db271319b913597a617a1c1c4e
-
Filesize
3KB
MD51ff0203ec5cbb4d706fd99341e5f8866
SHA122d35a4c051739550544ef15e84a60cb86cdbb55
SHA256e5c84bb4f93d2cc5e47ff6aeb81a41db4339aa706e4af748541c0e0a48c91e88
SHA51223bf033884919dbf8f8b1ef51932e4c1e8dd84c661778c67bdc009720f633afe4ff99bbfa4f18852b9d9e261f7555852cef6a281ca3b4147cbc07428554ddd16
-
Filesize
3KB
MD58153d977ae31e90e85bf8111beddf044
SHA1ce0f34d70deaa9bba626fc4188c400972d67de7e
SHA256d823d5d18906676f42287c3fa4dd5baee5ae9947dc473b60ef446c64fd302dd3
SHA512067f697af3ee308805acbb928412aab08a29b37db8c62b4f2a46333eaff5db0068cab3fb764dfca2d8357e5af8968f02210b65cdf877a4170d379bf16f70bb94
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD55842f340f40ffcb6699a57afacd91917
SHA1fae0c70e1843b508ed285c8348247c5e4437ee49
SHA2563a47a61181409becd67d20e62fbc2c2f9bd20264f2a2868d13e7991c6418d45a
SHA51248aa9621e6d379a9db976a5b6e999a2c81cafbd53be7e6e90fe553ceea1eccf7716a8be551e024737d2fc29e3ae227aee2d2f841fc341b9d74befe3f9e638af0
-
Filesize
16KB
MD5c83719d33d9ba58be6c4df54cfc433b7
SHA13b9359b4096a6bf4d041019c47e71efa88ab98af
SHA256ea89b29935b817050efaf724e9f2b26ff30fd28b7477d0c303752497eee2dc77
SHA5122551c67c2ad18f2dddb603c4eb1087ab62f030d3c4cf4ab6e423456ff3168438eb1224bb9c63508cb9fdde8da537f4796533c708d5342d1148e3f3bc8cfad1bb
-
Filesize
37KB
MD5348d9be7951cbc6a0eae3db38aca4104
SHA1a22ac9492d0be044882c0d7493cb60b2733d7886
SHA25619b874250ca2e09126b14039d990d9312e25bfa582ab71af2601211654531a72
SHA5128417de47fc66dedcbe24570b687e87219f1a7cca5cbbd33a117b7cfcba74d75dff0576d635045ac784827a22daea5bc817159b79d8a73f62ba0bec3f762b2f2e
-
Filesize
96B
MD514c1515224feec68f37f90405d454441
SHA1a9f6524a38273c907e16eb7f388cc4d3accb9fcf
SHA25619e83976d2253b6c5641db1154bed648eb496fc3fa5c4afda4cd1658e5217d4f
SHA512657c2a1ab490e9b70d92654b6a5fc445db0d01e6af0ab565c62a0caebf7a7966c580f128fca91f86866706b6497fee4bdcf62b98bb5cb177f877147985d027f3
-
Filesize
48B
MD547c221e2d013907526224f08b6f4a485
SHA14a690514fecc45b27e8f89304f6c68c05d1ca9b1
SHA2560318c5528707d1deee0c86512d1d222d3c668f5cc998a3238a68ff776bc43ba9
SHA5124b7b8a2773274c1c5af7b8ba934bb26d8ce055da28aa45c29236b143d1473d6e1dffc595591791a51abf8e5faa4ff00ad6d2e78d9f715957e7e135f67d6d195f
-
Filesize
136B
MD5f1d5af15bfe746da3b27d26678ddc995
SHA18c6a75bc6d5cfd864c5729a4f55be97ef6fb55fe
SHA256bd46ea882ba0ccc8037dea3ce1fa53ba5c30d6d9db8e8102901c9d26e27e1449
SHA51246d7509e664ddd88d559b69dc0a46d0313c2fc1f842c9aa975b26a2feb1f78557c414a850572d3ab377ab2fa5dfde27fb021e823aa421a73f2b5e84459652f10
-
Filesize
141B
MD5fc9e2ececd581e284fc1f4e6e94b596a
SHA13fde9574c5e285434f288b3971bac1bf12498bbc
SHA256b4e18d6ddc6d27fcacf4be773bf7bc22c5585fc1268faf9e790f64b479ed7470
SHA512aafa11e544e78feceda3590fdbd98acfc09878f076dd619ebe65d066fec85c6123c74da25465f05e8960701079cce21ebe7c9a84c9d1f6ae42f8904f57f18d19
-
Filesize
552B
MD5d5b5cace288a00db1172d3d0d668f4a2
SHA10ed8bae42c4e34f773a63934d0592f9763552ab6
SHA256d6a8f4e44149bcc571c307f25e828cfefb5b82565be98fbb46bd471191bbc98b
SHA5124ce9ffd416f67b6aaae1a1a7b00b3cf7b900800432ac09cef4d90ca4ea5c325178b57e221ae5005835960fef057437ec65939b52ef20e6c963dd49a689859cf0
-
Filesize
552B
MD522d7ea723c727803dc8d4000ba366b34
SHA14f991bea8fe15cbd9045c45c224f60735c018e74
SHA25696fa283ebb9964e83d45bc40d3b530ca05223cbd13589b700e3eedec4da97f85
SHA512f6f3d75c853653b19593944c6c839172f8eacb2d4a54e3c8f506ab41fb5197b87119205d7e9b1df02583c54bf6a17994f87b7f139dea55ec553d5681e5442341
-
Filesize
253B
MD5634a3eb7cb4d7224dcc54c1ea540ec59
SHA14fd3fd4604acda941a3fa5f57a617582cf501584
SHA256b86411ed8bf564c56297eced4e51dfbc153341a5b1c4c7ec79571adc436df97c
SHA512018710d4b541d532f8fbde76b96f0e2e6b4f574b075a370bc2710e115172975e93101dafead2e9e975e2b79c0a0be6266178359cd41ae20948a9fcf2a49b440c
-
Filesize
23KB
MD5f91903d8ae8935938aa29187e08ed607
SHA12e2a4c64d8800974fb8915c902c9f7987a1a1f36
SHA25685001739a44150eb45b5ed262d39429733d42be3de1faa7c09e6daa804630c10
SHA512d61d631d52b532fa19e902b17132afbbe16e22507e3584d9d70acc8fdf4b1625ab6abd504d780ff64dbba34576b0921e71625d6c9c560b464423bbd742218a68
-
Filesize
876B
MD5f5ac8d0dbc3f5ee4eb6996d882e8c74b
SHA14491823712e55acbd8f4f0604afbf0282a7d9830
SHA2561af48bef36f59372b4c139cd62055fff307e72e2bd46cf0899c4117ffb8d7307
SHA5122ca92768e9d67111ae7ba7676a21f7db8ed63d8c9813832c1636834d49c20a512676eec68a507eaa79f4cda8ebc39c273d51179e6e649a346a5aea2553de64ab
-
Filesize
467B
MD5718812b5b1eb87e5cba49b30d0fb42d4
SHA10290c0ac03b150a3bad84a78ee4cd50826dba566
SHA256eff358fdd0b4b6e205c23024bc27088ace5f8637fa51886efce7e2b26401857a
SHA5123b9ab22afa05ab153b9f7c00c65ffb9b98c5fbd0bc5215bd28a63f8119bd63b293a6327b9881303fe218dc634e50feaaea21318d8a41d11ae1d431453bb254bd
-
Filesize
21KB
MD597ffbea42e9a0795865f12dedaa14292
SHA182b1a9a09d849ca8e55914ceb05677991729de10
SHA25684db83a7515ea99283ea322d6ae8a7e806287e7e98771a53a5d0e3ff362ecd16
SHA512884e56e3e7419a5ce22725d8b39b6d9424c882185762fe6ebb3a5c67d65e87b846ecce8a26491019acd3ba79641f489a32e20e2c7b99576315352cca1f5a13a4
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
30KB
MD5af6fe4ecf3e0bdaab3520dce1f557335
SHA13d2ea2b811747a6786489f787fb2c39f189535b7
SHA256f17fbb17511c8e6334e1a9b3f59ac55a63785905c947cf2e4b3b020207726466
SHA5125c4eeced6be417ddbf58d2a5e576b539f04bc866373597a3ffd3efdb64d0c883df67b8ed8e48887ba889554a2ecfbd6416ed7bcfe71b277e4e8d8725d1e3008d
-
Filesize
30KB
MD57177e6e24ea66b4adacedec71ca7c9ac
SHA1b030ac10711639d7d111add3ab8d9bab3f5f22bf
SHA2561f8f510ba8f0ebe0d2f0cafabfd1c3766f4b14593305cc60bb6ff9dae47a42bf
SHA5126abf233536335514c9fae9058d1c4523a5b907607dd5b44bc0c5ee4ff553b496798a39585775cb04e84d01dcc730b84b67c78997e89787610d610a52ec2ddebf
-
Filesize
6KB
MD5f057139e91c67e81b3478989dbb7d5fa
SHA1b215abb0655fdd70176c4837d0d092c8ed8814be
SHA25639dc9765a447f7888c8ae65dd687862f05c351c7557e2d03de9195e0a62644bf
SHA512745a9708eee860c4cc4caf3d5120c13398f3e347744ac7295ff3bcb90a1f37f9b7b437adaf0ec4eb0c9d379b02edc8586bafe5c982d62296ff8d83e89e867344
-
Filesize
7KB
MD5a6533ce84cd8a0dd8b1f12295f7e9f4e
SHA1a12666d719f3ff3f4c4154087c8e77bfa1e2c41f
SHA2562cd6a044c305a1a2a895372f1876d930f3a2b068f23bc10f9f70eb36df0f5505
SHA5125dbd8b049fd5ff87ca67e7c465e32a98a3483de3210de22f46e823eee00f5e31e4be4d8f4d259b7cf760a2461a723b55aecef94d64d7867b98993f7a50aa7ffe
-
Filesize
39KB
MD55ea15b6ac344e44a2d0400db080880b6
SHA128f65328076276c8dc3bb5843e829fa8c02e6f6c
SHA256ca62ec8a21760811eae3324265b52c14cff29c35f68583db1c3312abb12d527d
SHA512e933610f4580f1da75eaf70917422c030fb98a8cb22e82789d94447245782df9fa29866090651324cd52b3d8c0ae2a9ccf7cf587e51950228ec5b816863feffd
-
Filesize
39KB
MD5f3d6a8467e97da92d9a744f5ee41aaec
SHA1a823f42e183190796abfd9a970dcf0875a2fab7a
SHA256b751fe10fa1f3edaf8a90f7d516ac784be053c4eb0da8ddcf517707d553b6996
SHA51263d764e1d02a3d863d5940f4b33272ad77ac0033ded0a9c1bca6a0e43d5088d577adc08af131f9f00d279e739a60d6620e7700eb64b88a1f5d04c0c7c3d188dc
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
23KB
MD591e99867496bc76a97d2dec29559f49c
SHA13cc4fdfff67ca700137b71a0a26d332785d024b7
SHA25673d7d024408b052c86da72cc0196f9928314a773877a0465dd91cc09d418f761
SHA5129cd1eaae9cd87618c38ef17a2c23d36ea6eea45109b568d656b74d221c732f9ecdde2c13d230c3909d0b3bd702d0a69817a09a9b4d1de7ed6ffa6bb2807aaf0a
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1