Loads dropped DLL

Reads local data of messenger clients

Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

Unsecured Credentials: Credentials In Files

Steal credentials from unsecured files.

Accesses Microsoft Outlook profiles

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of NtCreateThreadExHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext