10Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/a...-0.dll
windows10-ltsc_2021-x64
1Seliware/b...x.html
windows10-ltsc_2021-x64
6Seliware/b...ain.js
windows10-ltsc_2021-x64
3Seliware/b...lua.js
windows10-ltsc_2021-x64
3Seliware/b...ain.js
windows10-ltsc_2021-x64
3Seliware/b....de.js
windows10-ltsc_2021-x64
3Seliware/b....es.js
windows10-ltsc_2021-x64
3Seliware/b....fr.js
windows10-ltsc_2021-x64
3Seliware/b....it.js
windows10-ltsc_2021-x64
3Seliware/b....ja.js
windows10-ltsc_2021-x64
3Seliware/b...nls.js
windows10-ltsc_2021-x64
3Seliware/b....ko.js
windows10-ltsc_2021-x64
3Seliware/b....ru.js
windows10-ltsc_2021-x64
3Seliware/b...-cn.js
windows10-ltsc_2021-x64
3Seliware/b...-tw.js
windows10-ltsc_2021-x64
3Seliware/b...der.js
windows10-ltsc_2021-x64
3Seliware/l...64.dll
windows10-ltsc_2021-x64
1Seliware/l...64.dll
windows10-ltsc_2021-x64
1Seliware/msvcp140.dll
windows10-ltsc_2021-x64
1Seliware/r...er.dll
windows10-ltsc_2021-x64
1Seliware/r...er.dll
windows10-ltsc_2021-x64
1Seliware/r...er.dll
windows10-ltsc_2021-x64
3Seliware/ucrtbase.dll
windows10-ltsc_2021-x64
1Seliware/v...40.dll
windows10-ltsc_2021-x64
1Seliware/v..._1.dll
windows10-ltsc_2021-x64
1Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250619-en -
resource tags
arch:x64 arch:x86 image:win10ltsc2021-20250619-en locale:en-us os:windows10-ltsc_2021-x64 system -
submitted
02/07/2025, 19:25
Behavioral task
behavioral1
Sample
Seliware/api-ms-win-crt-convert-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral2
Sample
Seliware/api-ms-win-crt-filesystem-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral3
Sample
Seliware/api-ms-win-crt-heap-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral4
Sample
Seliware/api-ms-win-crt-locale-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral5
Sample
Seliware/api-ms-win-crt-math-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral6
Sample
Seliware/api-ms-win-crt-runtime-l1-1-0.dll
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral7
Sample
Seliware/api-ms-win-crt-stdio-l1-1-0.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral8
Sample
Seliware/api-ms-win-crt-string-l1-1-0.dll
Resource
win10ltsc2021-20250410-en
Behavioral task
behavioral9
Sample
Seliware/bin/Monaco/index.html
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral10
Sample
Seliware/bin/Monaco/vs/base/worker/workerMain.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral11
Sample
Seliware/bin/Monaco/vs/basic-languages/lua/lua.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral12
Sample
Seliware/bin/Monaco/vs/editor/editor.main.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral13
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.de.js
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral14
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.es.js
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral15
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.fr.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral16
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.it.js
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral17
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.ja.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral18
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral19
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.ko.js
Resource
win10ltsc2021-20250410-en
Behavioral task
behavioral20
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.ru.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral21
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral22
Sample
Seliware/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral23
Sample
Seliware/bin/Monaco/vs/loader.js
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral24
Sample
Seliware/libcrypto-3-x64.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral25
Sample
Seliware/libssl-3-x64.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral26
Sample
Seliware/msvcp140.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral27
Sample
Seliware/runtimes/win-arm64/native/WebView2Loader.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral28
Sample
Seliware/runtimes/win-x64/native/WebView2Loader.dll
Resource
win10ltsc2021-20250610-en
Behavioral task
behavioral29
Sample
Seliware/runtimes/win-x86/native/WebView2Loader.dll
Resource
win10ltsc2021-20250410-en
Behavioral task
behavioral30
Sample
Seliware/ucrtbase.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral31
Sample
Seliware/vcruntime140.dll
Resource
win10ltsc2021-20250619-en
Behavioral task
behavioral32
Sample
Seliware/vcruntime140_1.dll
Resource
win10ltsc2021-20250610-en
General
-
Target
Seliware/bin/Monaco/index.html
-
Size
164KB
-
MD5
001dcbb8f41cdcbf9b4d1e3a0ed4b2d2
-
SHA1
982a05814546017c40771e59e7677b53d84787e9
-
SHA256
f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951
-
SHA512
9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa
-
SSDEEP
3072:Nk4J09UmmJv8kBpZaFD48VOAGUWYPjDZlLJbRBiPEP8yKUz2Ojmjr8zM3KP7pblM:64J09BA3pZaFD48VOAGUWYPjdlLJbRBS
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
flow ioc 15 raw.githubusercontent.com 16 raw.githubusercontent.com 19 raw.githubusercontent.com -
Drops file in Windows directory 20 IoCs
description ioc Process File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\edge_autofill_global_block_list.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\regex_patterns.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\data.txt msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\manifest.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\LICENSE msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_etld1_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_full_domains.list msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\manifest.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\autofill_bypass_cache_forms.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\manifest.json msedge.exe File opened for modification C:\Windows\SystemTemp msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\v1FieldTypes.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\manifest.fingerprint msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\manifest.json msedge.exe File created 
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\_metadata\verified_contents.json msedge.exe File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\sets.json msedge.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read to detect sandbox environments. Note that the process recorded for this signature is msedge.exe (the browser launched to open the sample), so these registry reads may reflect ordinary browser start-up rather than behaviour of the submitted file; confirm against activity attributable to the sample itself before treating it as an indicator.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier msedge.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry msedge.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959579764252107" msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1046626855-4157782226-1738848475-1000\{13716F67-DB46-4891-9DDF-5D5754916175} msedge.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4332 msedge.exe 4332 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
pid Process 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 4748 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4748 wrote to memory of 2132 4748 msedge.exe 82 PID 4748 wrote to memory of 2132 4748 msedge.exe 82 PID 4748 wrote to memory of 2944 4748 msedge.exe 83 PID 4748 wrote to memory of 2944 4748 msedge.exe 83 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 
msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 2336 4748 msedge.exe 84 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85 PID 4748 wrote to memory of 5612 4748 msedge.exe 85
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\index.html1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4748 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x35c,0x7ffdc9fef208,0x7ffdc9fef214,0x7ffdc9fef2202⤵PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:32⤵PID:2944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:22⤵PID:2336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2312,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:82⤵PID:5612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:12⤵PID:1068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵PID:324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:82⤵PID:948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:82⤵PID:252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:82⤵PID:2284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:82⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:82⤵PID:5260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:82⤵PID:2584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:82⤵PID:2920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:82⤵PID:2984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:82⤵PID:2196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:82⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=888,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:82⤵PID:732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:82⤵PID:4420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5312,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:82⤵PID:964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:1100
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:2728
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:5920
-
Network
MITRE ATT&CK Enterprise v16
Downloads
-
Filesize
280B
MD536d6ddd51958f3cf4471399f17b732f9
SHA1c764cc33136fedd44be4733f72ff3ac2a70face2
SHA256ba14232f9cb19f4bf76d1ae7b04df64817f102a5bafd6b482eb3a00888bfc322
SHA51243b23dd088f52f2570efc6bb3d73c4436eec15a344674e86d640bbf32825e77809a50a3aa2c29902481d4d51a3e420efc66716d1afafcb69c27e44fcc0b5a5db
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
108KB
MD506d55006c2dec078a94558b85ae01aef
SHA16a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60
-
Filesize
1KB
MD582adb2dd8a136a0781ec050a145fcd58
SHA101d653c936339f4f4508cd97f9f54da6316a1bcb
SHA256cbb27eb2c6f21ba18689a195fc68cc1b17223fa18c41d7af49e21f97850a7d93
SHA512f67024251adde60b465092b23f3b1d4d8f692f53421c1250030fadf0099387b1b5074478786f5815027acbcdbe309fd3501354e9a2a9333f4ae1e369e39fc19a
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
15KB
MD5878c51a7140ac3b8608b2c1fecc7f453
SHA135b0c4f639cce1097eaa9044a108225e7cf596d9
SHA2565b72d3e57fd31cf42c1215a92eb4bccb43d80659dc3f96030ff420616f51c54a
SHA51213896da2220b44875328a9cac25aae965c2fde046cd0e57ace8b1747126f099ba1554b2e269918623df9fe15a9fdeeabad2e3d8d2d959971065688e3c5a95257
-
Filesize
15KB
MD5c0eec30c2dc8d65d8b4c4028650d0b72
SHA1172080403613538e58f54f68abf629c77c5a2df3
SHA256c76fe26e15382f07f8399d474ec17f5d44ce3da970089997ac5aa3d30c9bd1bb
SHA5128530796c7641b8ce7d3cce339ba2205e134ac4c1319041d4eca04be48c9a45915fd54faab4ce1e425b43d4f6eee195f645652f6469f88c0bc6d2886d3f64e0bd
-
Filesize
36KB
MD5e5c4f3f95afe7b2e64e960cb427801c8
SHA1ec69573872dc62d895f7fdbd41a9476146db3f49
SHA256fea499c65d17eef14b246b07d234dd30004177940a145960229ec2c3a5b94142
SHA512ea5c7bfc218ef520a78da06dfe876bf3eac2342ef3a4b7a8a6c50399ef46707f9bf964131ce7070da61ad6b3bf1b1403c0a1243871ec4cdd5b1b88b3ed222935
-
Filesize
21KB
MD50017ddbde953f1512d99574254884973
SHA11f405d39aedb90c18bd23bf1dd305c954422b335
SHA256c65dd68141ee927bd1d045e3470eea109c29e9436bcbc64a2b8cd61c13f048b0
SHA5128089a354efce0324c4db899ff96d8cad3536aa94c30957c9ca060b296347cff6f8aaa3bc7cade1f1d6e934666821714a63e4f07d23739361a0275aa58d184b10
-
Filesize
462B
MD52069b737ca415eff6454a252fc67a4c1
SHA103a6b3c615b2dcba0f100277d35efc21ee79dc08
SHA25638b672f1647a139784161b36a03f4f7f7a74281d0e0bee848c89a833441dce48
SHA5128be6ed7b1dcbc10bed95af47e52f764696e495cec13146dde9d4838400415d4811a78090e4477916d5db9d3d20f6f140e57b5248dc487431c97a4c4c38570d29
-
Filesize
38KB
MD5ff9cffb2d1410084f652e5340950f2df
SHA1b72e9bc299612cea0c381f25b924bab095e43876
SHA256c05243424303992a009289c175d81e876579ceb5c4c3951faa8e07fba70a9ca7
SHA5128ff7442f4cff96230c777d85ac1938d907f73a531e73a5f2e8b30b2f5c8d8a1370dea1823f66d34d67e830d06a9e16899786c6da7346c1a06ec62a2fbc59e1b0
-
Filesize
45KB
MD58738fe0511b1f648aeecfca0113c1712
SHA128119ca05a5df58f6ff1993115189c1f48c2d0fc
SHA256ea68ad9d5e7efc92662fa32a8b9407a56531c97a945976d0fc0d7283ba23faab
SHA51269fb47f933055c3bf6c599157324fd7218f8296e62eae6c8a407139a804ec8cca2d863465ee1f31c9451722540ebcb2088bd331ab66e956d3a9781856e6925ca
-
Filesize
45KB
MD5dbf3aad50ca17ddb2db2e34c665c8ca4
SHA18ac78e4d105848304bb4443a860dae0b3d32965f
SHA256be6e1bb53e8ca12b63d532897a40ab6a1ce476676b00d27cee70b3a0c2402544
SHA512a1065bef27d03f0741d7b958d7c90e32d5b9f48f3104242f1a5117c04dbf2790e8c3b8ea93ee3c595c469b945ec3948473becb8a37dcfd5c6c1d9faf053d8aba
-
Filesize
45KB
MD52e3a3fd751b51d0417b1642406104396
SHA138a9b09777ee3e599ebaef52b929a9df37978fcd
SHA256a5ddc1926fba7b39c097aea380195f830910a811a3a8579ca6035178d42ea1ec
SHA512132653a3b5bd0d8fc8ae8c16a77cb9af064e3e28ca2bae03b2f7bbc49e6fdfbc15766a37c6d26965fc431309dc973e47ef8472c0608d0e91318eb52b92535345
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize 2KB
MD59118725ba511485e718507f5a261e01a
SHA162e0c7768a33ae6d569285d3c9ccd48a5117a938
SHA256e696168327d97c4205500e8f0071a1e983a790b4bd1abd4cc76266662c5df0a4
SHA5129c1113e1fca7b3616497f512971f77ea6e0f6930314c46034ff4392773cd47992fe33f3a2d7972d166ad2d5dd4bd06f162fe81703b185c486633a394b3a51366