File name:

MinionLab_x64_en-US.msi

Full analysis: https://app.any.run/tasks/c49b12a1-34af-43e7-b6a4-d5608f62555b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 04, 2025, 15:15:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
generated-doc
auto-reg
loader
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: MinionLab, Author: st1, Keywords: Installer, Comments: This installer database contains the logic and data required to install MinionLab., Template: x64;0, Revision Number: {60267816-AA77-47FF-8F77-A8FC95DBEE76}, Create Time/Date: Tue Jun 17 09:18:04 2025, Last Saved Time/Date: Tue Jun 17 09:18:04 2025, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
MD5:

C3E35B644FA581139EAF58C12C4E0443

SHA1:

A45BF403007CB030F7BEF10747924072B53CF164

SHA256:

D7548D9EDAE61705943FD6B24A0852265B840B2477C35102511372F660AA4B48

SSDEEP:

196608:skOyb9kTwBFI4Jj0KmCo/Lpvym41NHNdnI:H9k8BW4JjJo/LpvyVHP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • st1-desktop-app.exe (PID: 3900)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4832)
    • Executing a file with an untrusted certificate

      • st1-desktop-app.exe (PID: 3900)
      • st1-desktop-app.exe (PID: 3580)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 5372)
  • SUSPICIOUS

    • Manipulates environment variables

      • powershell.exe (PID: 4832)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5548)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 4832)
    • Gets or sets the security protocol (POWERSHELL)

      • powershell.exe (PID: 4832)
    • Executable content was dropped or overwritten

      • powershell.exe (PID: 4832)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 6268)
    • Process drops legitimate windows executable

      • powershell.exe (PID: 4832)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 6268)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6520)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4164)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 72)
      • MicrosoftEdgeUpdate.exe (PID: 1496)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • msedgewebview2.exe (PID: 7028)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3148)
    • Starts POWERSHELL.EXE for commands execution

      • msiexec.exe (PID: 3148)
    • Starts process via Powershell

      • powershell.exe (PID: 4832)
    • The process bypasses the loading of PowerShell profile settings

      • msiexec.exe (PID: 3148)
    • Application launched itself

      • setup.exe (PID: 6268)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • msedgewebview2.exe (PID: 7028)
    • Creates a software uninstall entry

      • setup.exe (PID: 6268)
    • Searches for installed software

      • setup.exe (PID: 6268)
  • INFO

    • Checks supported languages

      • msiexec.exe (PID: 3148)
      • msiexec.exe (PID: 6372)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdate.exe (PID: 1496)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4164)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 72)
      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • MicrosoftEdgeUpdate.exe (PID: 5468)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • MicrosoftEdgeUpdateCore.exe (PID: 3780)
      • MicrosoftEdgeUpdate.exe (PID: 4084)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 6268)
      • setup.exe (PID: 4680)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • st1-desktop-app.exe (PID: 3900)
      • msedgewebview2.exe (PID: 7028)
      • msedgewebview2.exe (PID: 1868)
      • msedgewebview2.exe (PID: 5372)
      • msedgewebview2.exe (PID: 5232)
      • msedgewebview2.exe (PID: 5116)
      • msedgewebview2.exe (PID: 4764)
      • st1-desktop-app.exe (PID: 3580)
    • An automatically generated document

      • msiexec.exe (PID: 3908)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 3908)
      • msiexec.exe (PID: 3148)
    • Reads the computer name

      • msiexec.exe (PID: 3148)
      • msiexec.exe (PID: 6372)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdgeUpdate.exe (PID: 1496)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1300)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4164)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 72)
      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • MicrosoftEdgeUpdate.exe (PID: 5468)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • MicrosoftEdgeUpdate.exe (PID: 4084)
      • MicrosoftEdgeUpdateCore.exe (PID: 3780)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 6268)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • st1-desktop-app.exe (PID: 3900)
      • msedgewebview2.exe (PID: 7028)
      • msedgewebview2.exe (PID: 5372)
      • msedgewebview2.exe (PID: 1868)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 3908)
    • Reads the software policy settings

      • msiexec.exe (PID: 3908)
      • msiexec.exe (PID: 3148)
      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • slui.exe (PID: 4828)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • st1-desktop-app.exe (PID: 3900)
    • Manages system restore points

      • SrTasks.exe (PID: 5896)
    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 3148)
      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • msedgewebview2.exe (PID: 7028)
      • st1-desktop-app.exe (PID: 3900)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3148)
    • Disables trace logs

      • powershell.exe (PID: 4832)
    • Checks proxy server information

      • powershell.exe (PID: 4832)
      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • slui.exe (PID: 4828)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • msedgewebview2.exe (PID: 7028)
      • st1-desktop-app.exe (PID: 3900)
    • The sample compiled with english language support

      • powershell.exe (PID: 4832)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 6268)
    • The executable file from the user directory is run by the Powershell process

      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 6264)
      • msedgewebview2.exe (PID: 7028)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • st1-desktop-app.exe (PID: 3900)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • MicrosoftEdgeUpdate.exe (PID: 2228)
      • MicrosoftEdge_X64_138.0.3351.65.exe (PID: 1720)
      • setup.exe (PID: 4680)
      • setup.exe (PID: 6268)
      • msedgewebview2.exe (PID: 7028)
      • msedgewebview2.exe (PID: 5232)
      • msedgewebview2.exe (PID: 1868)
      • st1-desktop-app.exe (PID: 3900)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 4512)
      • st1-desktop-app.exe (PID: 3900)
      • MicrosoftEdgeUpdate.exe (PID: 3652)
      • msedgewebview2.exe (PID: 7028)
      • st1-desktop-app.exe (PID: 3580)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6520)
      • setup.exe (PID: 6268)
      • msedgewebview2.exe (PID: 7028)
      • msedgewebview2.exe (PID: 4764)
    • Manual execution by a user

      • MicrosoftEdgeUpdateCore.exe (PID: 3780)
      • st1-desktop-app.exe (PID: 3580)
    • Reads product name

      • st1-desktop-app.exe (PID: 3900)
      • st1-desktop-app.exe (PID: 3580)
    • Reads CPU info

      • msedgewebview2.exe (PID: 7028)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: MinionLab
Author: st1
Keywords: Installer
Comments: This installer database contains the logic and data required to install MinionLab.
Template: x64;0
RevisionNumber: {60267816-AA77-47FF-8F77-A8FC95DBEE76}
CreateDate: 2025:06:17 09:18:04
ModifyDate: 2025:06:17 09:18:04
Pages: 450
Words: 2
Software: Windows Installer XML Toolset (3.14.1.8722)
Security: Read-only recommended
No data.
Total processes: 174
Monitored processes: 32
Malicious processes: 9
Suspicious processes: 4

Behavior graph

start msiexec.exe msiexec.exe msiexec.exe no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs powershell.exe conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdatecore.exe no specs microsoftedgeupdate.exe no specs slui.exe microsoftedge_x64_138.0.3351.65.exe setup.exe setup.exe no specs microsoftedgeupdate.exe st1-desktop-app.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs st1-desktop-app.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 72
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.61\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1300
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.61\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1496
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1720
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{13CFC6A4-0FC7-4EFA-908C-487E183CD7B6}\MicrosoftEdge_X64_138.0.3351.65.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{13CFC6A4-0FC7-4EFA-908C-487E183CD7B6}\MicrosoftEdge_X64_138.0.3351.65.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
138.0.3351.65
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{13cfc6a4-0fc7-4efa-908c-487e183cd7b6}\microsoftedge_x64_138.0.3351.65.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\shell32.dll
PID: 1868
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\138.0.3351.65\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.st1.desktop.app\EBWebView" --webview-exe-name=st1-desktop-app.exe --webview-exe-version=0.1.14 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --force-high-res-timeticks=disabled --always-read-main-dll --field-trial-handle=1864,i,11125986753118222212,12964130567594701956,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\138.0.3351.65\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
138.0.3351.65
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\138.0.3351.65\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\138.0.3351.65\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2228
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 3148
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 3580
CMD: "C:\Program Files\MinionLab\st1-desktop-app.exe" --auto-launch
Path: C:\Program Files\MinionLab\st1-desktop-app.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
MinionLab
Exit code:
0
Version:
0.1.14
Modules
Images
c:\program files\minionlab\st1-desktop-app.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 3652
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded argument omitted]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 3780
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateCore.exe"
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.61\MicrosoftEdgeUpdateCore.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.61
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.61\microsoftedgeupdatecore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
Total events: 39 014
Read events: 35 943
Write events: 2 986
Delete events: 85

Modification events

Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation: write
Name: SrCreateRp (Enter)
Value:
48000000000000009BFAA789F6ECDB014C0C00009C070000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Enter)
Value:
48000000000000009BFAA789F6ECDB014C0C00009C070000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Leave)
Value:
4800000000000000DBF8C689F6ECDB014C0C00009C070000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppCreate (Enter)
Value:
4800000000000000ABBFCB89F6ECDB014C0C00009C070000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppGetSnapshots (Leave)
Value:
4800000000000000BC95C489F6ECDB014C0C00009C070000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation: write
Name: SppEnumGroups (Enter)
Value:
4800000000000000BC95C489F6ECDB014C0C00009C070000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: msiexec.exe (PID: 3148)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\VssapiPublisher
Operation: write
Name: IDENTIFY (Enter)
Value:
48000000000000009E89218AF6ECDB014C0C000084040000E8030000010000000000000000000000736537EA7BEB294AA63B8CFEF17C4BAC00000000000000000000000000000000
Process: VSSVC.exe (PID: 5548)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Registry Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000D8DF2F8AF6ECDB01AC150000A8040000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: VSSVC.exe (PID: 5548)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\Shadow Copy Optimization Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000D8DF2F8AF6ECDB01AC150000E8140000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Process: VSSVC.exe (PID: 5548)
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer
Operation: write
Name: IDENTIFY (Enter)
Value:
4800000000000000D8DF2F8AF6ECDB01AC150000A4090000E80300000100000001000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files: 216
Suspicious files: 130
Text files: 30
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 3148
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
PID: 3148
Process: msiexec.exe
Filename: C:\Windows\Installer\17a6fe.msi
MD5:
SHA256:
PID: 3148
Process: msiexec.exe
Filename: C:\Windows\Installer\17a700.msi
MD5:
SHA256:
PID: 3148
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\snapshot-2
Type: binary
MD5:A7040E02A23254768FDC5E1177944E3D
SHA256:C8FDDDD9B6E836153E56AD0FAFC62745E154C8DA3E9F2E4A09E58495C410A7A2
PID: 3148
Process: msiexec.exe
Filename: C:\System Volume Information\SPP\OnlineMetadataCache\{ea376573-eb7b-4a29-a63b-8cfef17c4bac}_OnDiskSnapshotProp
Type: binary
MD5:A7040E02A23254768FDC5E1177944E3D
SHA256:C8FDDDD9B6E836153E56AD0FAFC62745E154C8DA3E9F2E4A09E58495C410A7A2
PID: 3148
Process: msiexec.exe
Filename: C:\Windows\Installer\MSIAC0F.tmp
Type: binary
MD5:EFE8264D2DF94B5F3F49F4A1F73ED808
SHA256:651985D374BAB4A0B298E22E0354EF015CC1903C67929B3108AA09C4F46FD159
PID: 3148
Process: msiexec.exe
Filename: C:\Windows\Installer\inprogressinstallinfo.ipi
Type: binary
MD5:CF0CD6FE263D468AE5FDD3B2B1B86E4B
SHA256:F5622BD989BA85F22F123566AA1D8D1876180D72FAEE6B3A38FA47DA754F65AC
PID: 3148
Process: msiexec.exe
Filename: C:\Program Files\MinionLab\chrome-launcher.exe
Type: executable
MD5:87FABE1412C0DAC29514C0F3ED72E345
SHA256:28945946FDCFF63D3E9AA2A296E1BFEA94779BE92950EF4621D07720A2A66E7A
PID: 3148
Process: msiexec.exe
Filename: C:\Windows\Temp\~DFAE96545431438AF7.TMP
Type: binary
MD5:98ED8629AB242B56D518030D415643E3
SHA256:89A73326E91D9C376E7F151302A80B04897F71B9CC2C3BCC0C8720E477C01D4F
PID: 3148
Process: msiexec.exe
Filename: C:\Program Files\MinionLab\edge-node.exe
Type: executable
MD5:50BE40CE37F879F5740CF1208193BF32
SHA256:C7D0975040511655613FFE331E87389A0C1AEEFB9E206C2B960A62D288581D85
HTTP(S) requests: 61
TCP/UDP connections: 71
DNS requests: 32
Threats: 17

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4860 | RUXIMICS.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | RU | binary | 825 b | whitelisted
1268 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | RU | binary | 825 b | whitelisted
4860 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
- | - | POST | 200 | 20.190.159.75:443 | https://login.live.com/RST2.srf | US | xml | 1.24 Kb | whitelisted
- | - | POST | 200 | 20.190.159.131:443 | https://login.live.com/RST2.srf | US | xml | 1.24 Kb | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | NL | binary | 814 b | whitelisted
- | - | POST | 400 | 40.126.31.69:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 203 b | whitelisted
1268 | svchost.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | RU | binary | 825 b | whitelisted
- | - | POST | 400 | 40.126.31.2:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 203 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1268 | svchost.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4860 | RUXIMICS.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 2.16.168.124:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
4860 | RUXIMICS.exe | 2.16.168.124:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
5944 | MoUsoCoreWorker.exe | 2.16.168.124:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4860 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 172.217.16.142
whitelisted
crl.microsoft.com
  • 2.16.168.124
  • 2.16.168.114
  • 2.16.241.12
  • 2.16.241.14
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.73
  • 40.126.31.1
  • 40.126.31.3
  • 20.190.159.129
  • 40.126.31.131
  • 40.126.31.129
  • 20.190.159.2
  • 20.190.159.75
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.22
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
slscr.update.microsoft.com
  • 4.245.163.56
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 2.16.168.116
  • 2.16.168.117
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted

Threats

PID | Process | Class | Message
- | - | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
- | - | Not Suspicious Traffic | ET INFO Windows Powershell User-Agent Usage
- | - | Misc activity | ET INFO Packed Executable Download
- | - | Misc activity | ET INFO Request for EXE via Powershell
868 | svchost.exe | Misc activity | ET INFO Packed Executable Download
1868 | msedgewebview2.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
1868 | msedgewebview2.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
1868 | msedgewebview2.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
1868 | msedgewebview2.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
1868 | msedgewebview2.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.st1.desktop.app directory exists )
st1-desktop-app.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
st1-desktop-app.exe
Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319