Malware Analysis Report

2025-08-05 14:36

Sample ID 250702-x4xn1azybt
Target Seliware.zip
SHA256 93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a
Tags
execution xworm discovery
score
10/10

Analysis Overview

score
10/10

SHA256

93b147eb9ab24c2a3db94b7d7b75013f569d60ee55c89ab362daa60205a54a2a

Threat Level: Known bad

The file Seliware.zip was found to be: Known bad.

Malicious Activity Summary

execution xworm discovery

Xworm family

Detect Xworm Payload

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

System Location Discovery: System Language Discovery

Program crash

Unsigned PE

Enumerates system info in registry

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks processor information in registry

Analysis: static1

Detonation Overview

Reported

2025-07-02 19:25

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm family

xworm

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral8

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250410-en

Max time kernel

104s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-string-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-string-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

101s

Max time network

145s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ja.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ja.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral31

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

91s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\vcruntime140.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\vcruntime140.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

105s

Max time network

149s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-math-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-math-l1-1-0.dll,#1

Network

Country Destination Domain Proto
NL 52.111.243.29:443 tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

102s

Max time network

143s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral25

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

104s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\libssl-3-x64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\libssl-3-x64.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral32

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

101s

Max time network

146s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\vcruntime140_1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\vcruntime140_1.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:26

Platform

win10ltsc2021-20250619-en

Max time kernel

17s

Max time network

21s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-convert-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-convert-l1-1-0.dll,#1

Network

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

103s

Max time network

138s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-stdio-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-stdio-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

102s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.it.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.it.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

104s

Max time network

143s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.zh-cn.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.zh-cn.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

93s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\loader.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\loader.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral24

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

106s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\libcrypto-3-x64.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\libcrypto-3-x64.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral28

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

103s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-x64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-x64\native\WebView2Loader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral30

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

103s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\ucrtbase.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\ucrtbase.dll,#1

Network

Country Destination Domain Proto
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

103s

Max time network

143s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ru.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ru.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

92s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-filesystem-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

104s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-runtime-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-runtime-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

105s

Max time network

147s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.de.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.de.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

104s

Max time network

144s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-heap-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-heap-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

103s

Max time network

148s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\base\worker\workerMain.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\base\worker\workerMain.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

93s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\basic-languages\lua\lua.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\basic-languages\lua\lua.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral27

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

104s

Max time network

142s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-arm64\native\WebView2Loader.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-arm64\native\WebView2Loader.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

104s

Max time network

143s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-locale-l1-1-0.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\api-ms-win-crt-locale-l1-1-0.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

101s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

101s

Max time network

142s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.fr.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.fr.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral26

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

103s

Max time network

147s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\msvcp140.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\msvcp140.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250619-en

Max time kernel

146s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\index.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\edge_autofill_global_block_list.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\regex_patterns.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\data.txt C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\LICENSE C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_etld1_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\deny_full_domains.list C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_491695257\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\autofill_bypass_cache_forms.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\v1FieldTypes.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1637140705\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_1660680101\manifest.fingerprint C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\manifest.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\_metadata\verified_contents.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File created C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4748_932127708\sets.json C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959579764252107" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1046626855-4157782226-1738848475-1000\{13716F67-DB46-4891-9DDF-5D5754916175} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4748 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2944 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 2336 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4748 wrote to memory of 5612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\index.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x35c,0x7ffdc9fef208,0x7ffdc9fef214,0x7ffdc9fef220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2268,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2312,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3492,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4868,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=3424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6132,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6124,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=888,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5312,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,1704106727605097053,833663958265322522,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.27.11:80 edge.microsoft.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
US 13.107.246.64:443 api.edgeoffer.microsoft.com tcp
GB 2.18.27.92:443 copilot.microsoft.com tcp
US 150.171.27.11:443 edge.microsoft.com tcp
GB 2.18.27.76:443 www.bing.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 150.171.28.11:443 edge.microsoft.com tcp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 8.8.8.8:53 edgeassetservice.azureedge.net udp
US 13.107.246.64:443 edgeassetservice.azureedge.net tcp
N/A 224.0.0.251:5353 udp
GB 2.18.27.76:443 www.bing.com udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 8.8.8.8:53 static.edge.microsoftapp.net udp
US 13.107.246.64:443 static.edge.microsoftapp.net tcp
US 150.171.28.11:443 edge.microsoft.com tcp
GB 2.18.27.82:443 www.bing.com udp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 199.232.210.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp
US 199.232.214.172:80 msedge.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 msedge.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ff9cffb2d1410084f652e5340950f2df
SHA1 b72e9bc299612cea0c381f25b924bab095e43876
SHA256 c05243424303992a009289c175d81e876579ceb5c4c3951faa8e07fba70a9ca7
SHA512 8ff7442f4cff96230c777d85ac1938d907f73a531e73a5f2e8b30b2f5c8d8a1370dea1823f66d34d67e830d06a9e16899786c6da7346c1a06ec62a2fbc59e1b0

\??\pipe\crashpad_4748_YOILLVZPLNFRQHSL

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36d6ddd51958f3cf4471399f17b732f9
SHA1 c764cc33136fedd44be4733f72ff3ac2a70face2
SHA256 ba14232f9cb19f4bf76d1ae7b04df64817f102a5bafd6b482eb3a00888bfc322
SHA512 43b23dd088f52f2570efc6bb3d73c4436eec15a344674e86d640bbf32825e77809a50a3aa2c29902481d4d51a3e420efc66716d1afafcb69c27e44fcc0b5a5db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 9118725ba511485e718507f5a261e01a
SHA1 62e0c7768a33ae6d569285d3c9ccd48a5117a938
SHA256 e696168327d97c4205500e8f0071a1e983a790b4bd1abd4cc76266662c5df0a4
SHA512 9c1113e1fca7b3616497f512971f77ea6e0f6930314c46034ff4392773cd47992fe33f3a2d7972d166ad2d5dd4bd06f162fe81703b185c486633a394b3a51366

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

MD5 06d55006c2dec078a94558b85ae01aef
SHA1 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512 ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

MD5 0017ddbde953f1512d99574254884973
SHA1 1f405d39aedb90c18bd23bf1dd305c954422b335
SHA256 c65dd68141ee927bd1d045e3470eea109c29e9436bcbc64a2b8cd61c13f048b0
SHA512 8089a354efce0324c4db899ff96d8cad3536aa94c30957c9ca060b296347cff6f8aaa3bc7cade1f1d6e934666821714a63e4f07d23739361a0275aa58d184b10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8738fe0511b1f648aeecfca0113c1712
SHA1 28119ca05a5df58f6ff1993115189c1f48c2d0fc
SHA256 ea68ad9d5e7efc92662fa32a8b9407a56531c97a945976d0fc0d7283ba23faab
SHA512 69fb47f933055c3bf6c599157324fd7218f8296e62eae6c8a407139a804ec8cca2d863465ee1f31c9451722540ebcb2088bd331ab66e956d3a9781856e6925ca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 878c51a7140ac3b8608b2c1fecc7f453
SHA1 35b0c4f639cce1097eaa9044a108225e7cf596d9
SHA256 5b72d3e57fd31cf42c1215a92eb4bccb43d80659dc3f96030ff420616f51c54a
SHA512 13896da2220b44875328a9cac25aae965c2fde046cd0e57ace8b1747126f099ba1554b2e269918623df9fe15a9fdeeabad2e3d8d2d959971065688e3c5a95257

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e5c4f3f95afe7b2e64e960cb427801c8
SHA1 ec69573872dc62d895f7fdbd41a9476146db3f49
SHA256 fea499c65d17eef14b246b07d234dd30004177940a145960229ec2c3a5b94142
SHA512 ea5c7bfc218ef520a78da06dfe876bf3eac2342ef3a4b7a8a6c50399ef46707f9bf964131ce7070da61ad6b3bf1b1403c0a1243871ec4cdd5b1b88b3ed222935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 dbf3aad50ca17ddb2db2e34c665c8ca4
SHA1 8ac78e4d105848304bb4443a860dae0b3d32965f
SHA256 be6e1bb53e8ca12b63d532897a40ab6a1ce476676b00d27cee70b3a0c2402544
SHA512 a1065bef27d03f0741d7b958d7c90e32d5b9f48f3104242f1a5117c04dbf2790e8c3b8ea93ee3c595c469b945ec3948473becb8a37dcfd5c6c1d9faf053d8aba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

MD5 2069b737ca415eff6454a252fc67a4c1
SHA1 03a6b3c615b2dcba0f100277d35efc21ee79dc08
SHA256 38b672f1647a139784161b36a03f4f7f7a74281d0e0bee848c89a833441dce48
SHA512 8be6ed7b1dcbc10bed95af47e52f764696e495cec13146dde9d4838400415d4811a78090e4477916d5db9d3d20f6f140e57b5248dc487431c97a4c4c38570d29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e3a3fd751b51d0417b1642406104396
SHA1 38a9b09777ee3e599ebaef52b929a9df37978fcd
SHA256 a5ddc1926fba7b39c097aea380195f830910a811a3a8579ca6035178d42ea1ec
SHA512 132653a3b5bd0d8fc8ae8c16a77cb9af064e3e28ca2bae03b2f7bbc49e6fdfbc15766a37c6d26965fc431309dc973e47ef8472c0608d0e91318eb52b92535345

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 82adb2dd8a136a0781ec050a145fcd58
SHA1 01d653c936339f4f4508cd97f9f54da6316a1bcb
SHA256 cbb27eb2c6f21ba18689a195fc68cc1b17223fa18c41d7af49e21f97850a7d93
SHA512 f67024251adde60b465092b23f3b1d4d8f692f53421c1250030fadf0099387b1b5074478786f5815027acbcdbe309fd3501354e9a2a9333f4ae1e369e39fc19a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c0eec30c2dc8d65d8b4c4028650d0b72
SHA1 172080403613538e58f54f68abf629c77c5a2df3
SHA256 c76fe26e15382f07f8399d474ec17f5d44ce3da970089997ac5aa3d30c9bd1bb
SHA512 8530796c7641b8ce7d3cce339ba2205e134ac4c1319041d4eca04be48c9a45915fd54faab4ce1e425b43d4f6eee195f645652f6469f88c0bc6d2886d3f64e0bd

Analysis: behavioral14

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

104s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.es.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.es.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250410-en

Max time kernel

105s

Max time network

149s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ko.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.ko.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250610-en

Max time kernel

101s

Max time network

141s

Command Line

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.zh-tw.js

Signatures

Command and Scripting Interpreter: JavaScript

execution

Processes

C:\Windows\system32\wscript.exe

wscript.exe C:\Users\Admin\AppData\Local\Temp\Seliware\bin\Monaco\vs\editor\editor.main.nls.zh-tw.js

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A

Analysis: behavioral29

Detonation Overview

Submitted

2025-07-02 19:25

Reported

2025-07-02 19:28

Platform

win10ltsc2021-20250410-en

Max time kernel

103s

Max time network

145s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-x86\native\WebView2Loader.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4536 wrote to memory of 2012 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4536 wrote to memory of 2012 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 4536 wrote to memory of 2012 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Seliware\runtimes\win-x86\native\WebView2Loader.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2012 -ip 2012

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 600

Network

Country Destination Domain Proto
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.179.227:80 c.pki.goog tcp

Files

N/A