Analysis Overview
SHA256
3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158
Threat Level: Known bad
The file 3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe was found to be: Known bad.
Malicious Activity Summary
Stealerium
Stealerium family
Uses browser remote debugging
Checks computer location settings
Reads user/profile data of web browsers
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Enumerates physical storage devices
System Network Configuration Discovery: Wi-Fi Discovery
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
outlook_win_path
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
outlook_office_path
Checks processor information in registry
Suspicious use of WriteProcessMemory
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-19 02:33
Signatures
Stealerium family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-19 02:33
Reported
2025-03-19 02:35
Platform
win7-20250207-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Stealerium
Stealerium family
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe
"C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\f57eebd8-2e05-4aa2-9db1-b97e930a6f1e.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\taskkill.exe
taskkill /F /PID 2296
C:\Windows\system32\timeout.exe
timeout /T 2 /NOBREAK
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
memory/2296-0-0x000007FEF5D93000-0x000007FEF5D94000-memory.dmp
memory/2296-1-0x0000000000A60000-0x000000000116E000-memory.dmp
memory/2296-2-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\f57eebd8-2e05-4aa2-9db1-b97e930a6f1e.bat
| MD5 | d01eec4ff5eb590bd890c48df3fbd82d |
| SHA1 | b63925517e71e43303d5a24f11d6a58caa92393b |
| SHA256 | 6dc0f2a3ca1c43c0ef6c8e801ca88b13fd46836bf354abfd8ba49931f23a1e5b |
| SHA512 | d236f1a6750b8065be95c8d553c1c1afeb8624cc75382b74d4886140c32a73fc708bbb2dfe64e89c4f9634808a598efae1eda4d9407b62a7bd373d891eb62827 |
memory/2296-5-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-19 02:33
Reported
2025-03-19 02:35
Platform
win10v2004-20250314-en
Max time kernel
130s
Max time network
125s
Command Line
Signatures
Stealerium
Stealerium family
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133868252035648335" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe
"C:\Users\Admin\AppData\Local\Temp\3c62a4a3091cd0f0a91da1e92bf88c96e0da5f81dd0b434ffb5fb55948928158.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --disable-gpu --disable-logging
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc8e44dcf8,0x7ffc8e44dd04,0x7ffc8e44dd10
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2016,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1944 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1808,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1796 /prefetch:2
C:\Windows\system32\findstr.exe
findstr All
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2280,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2936,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2960,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4104 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4392,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4396 /prefetch:1
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5144,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5384,i,12622075688426337538,14212697031735794830,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5380 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --disable-gpu --disable-logging
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffc8dd4f208,0x7ffc8dd4f214,0x7ffc8dd4f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2212,i,14816422194352660105,3275009408119394763,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2176,i,14816422194352660105,3275009408119394763,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2592,i,14816422194352660105,3275009408119394763,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2588 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,14816422194352660105,3275009408119394763,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3460,i,14816422194352660105,3275009408119394763,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\c1d8d12c-7f28-4a07-8236-dc64dda61b99.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3944
C:\Windows\system32\timeout.exe
timeout /T 2 /NOBREAK
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.169.14:443 | play.google.com | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| GB | 142.250.200.46:443 | clients2.google.com | udp |
| GB | 172.217.169.14:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 204.79.197.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 2.18.190.166:443 | assets.msn.com | tcp |
| GB | 2.18.190.166:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| GB | 2.18.66.42:443 | www.bing.com | tcp |
| GB | 2.18.190.166:443 | assets.msn.com | tcp |
| US | 150.171.27.10:443 | c.bing.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 2.18.66.72:443 | www.bing.com | tcp |
| GB | 18.172.88.20:443 | sb.scorecardresearch.com | tcp |
| US | 2.16.55.225:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.18.190.166:443 | assets.msn.com | udp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| N/A | 127.0.0.1:9222 | N/A | tcp |
| GB | 2.18.190.166:443 | assets.msn.com | udp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 104.16.185.241:80 | icanhazip.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
Files
memory/3944-0-0x00007FFC921E3000-0x00007FFC921E5000-memory.dmp
memory/3944-1-0x000002ACB85D0000-0x000002ACB8CDE000-memory.dmp
memory/3944-2-0x00007FFC921E0000-0x00007FFC92CA1000-memory.dmp
memory/3944-29-0x000002ACD36A0000-0x000002ACD3752000-memory.dmp
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Process.txt
| MD5 | 0abdf062a08d0fdef746e11a294f6796 |
| SHA1 | 6625e10f254db540f5963be4fc8db8f11cc9d1a0 |
| SHA256 | 3d8f7a2987a91983e11c49ddfddb9151f8b34ab138e9ac48bf6d306bbdc02624 |
| SHA512 | 80ed2da6dd81fcaef5fab5e621b846876335ed224993b411c73f1c05ba8329e13ab4ccf25d4d660cf05ebb867a40c40c3307d72786a0bee72d268bc683b3231f |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Process.txt
| MD5 | a4899c269973b966545f1eed8e742263 |
| SHA1 | bfd80ac178a10212c3b836b35507d910c98b66f9 |
| SHA256 | 476870a3914e1f70e7eec2e779e523e63d81f4a4c60311c8bd97bd37f6e1c922 |
| SHA512 | 0277dc746331f3e9a777fcbc9399b01178cde9e646cf5fbfb6ab20d4b85717560ca5134b1857ce128166eddd3339c96268a29d95d44155614e22db20d0a61e0e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | fdf842e9aa964aef18ea74dce351bf17 |
| SHA1 | 74d5cbcbf09bb61041dc06bf6c4ec24986bb596e |
| SHA256 | ab22788eb0daa510b51658b7a14be6a847b2fc3648bea87de18f106bb1985aaf |
| SHA512 | 4f9f997526518ad8e1bb8f736617fa5c808896d6cc4dc41f0307b089d42170e598905998b6037342d29ec02e5ec6466af0efd4900fb3c1161214c56c12182e03 |
\??\pipe\crashpad_5668_TNGJFQWSXEOVRTAE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Process.txt
| MD5 | b91f3c0dc9de5873bebb9e95b2c515ee |
| SHA1 | 6ee604b099d6564a2acf2ce5385ea4f590f035c4 |
| SHA256 | da34cec73013ac166abc7fc93543c1ff2035f2a95cbcac4548ab329f1fc482bf |
| SHA512 | 079f2df7883c8823ba5d4d669f4b4b5860df22d6d897b073e427e5696d4db4c13398d6520f5078e97048a51748ce6e44a17b60cedd13e03ffbab49385c5aeb74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Process.txt
| MD5 | 594b262b926d793798fa692b39e561ff |
| SHA1 | b033f964d3e2f4203285fab116fdd1b17a437eb1 |
| SHA256 | 02f7847d5ba7fa7287e814e4e65e0c95a68acd142bf4d5520ef9112a268cd741 |
| SHA512 | c441e7738f47aaba06e2e372ba1b67db4b77be136a56ec61f3d3764bb52c76f39e7850cdc73299fc92c3506c894bdf3ed4d7305a6f28e25f995712973084b752 |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Process.txt
| MD5 | b74b8138cd82bea07128549febd29fc3 |
| SHA1 | f490748aee387a103505bf010e51b6b11da4e3f4 |
| SHA256 | 6b50339ff63748155f0ec01bd9a2614bfeb1580a38247dff4127888b6c87a7d7 |
| SHA512 | 67794c7128e070663df56e7e50e3c818ef0a9862ff4934f9a6cf349a28cb93e741d73efc3edffebabb992c610663963596493d124bf131a38b3e4ee8529b424e |
memory/3944-168-0x00007FFC921E3000-0x00007FFC921E5000-memory.dmp
memory/3944-171-0x00007FFC921E0000-0x00007FFC92CA1000-memory.dmp
memory/3944-174-0x000002ACD39A0000-0x000002ACD39C2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 42cacfa5eeace7082db4096227748f12 |
| SHA1 | 268ce692e05e31381bf40bbe23333d35f3110338 |
| SHA256 | 3822ed89ae578f5cdf1070d9f943065b9f4e33d7bef0abdbce63bd2571d314b7 |
| SHA512 | 0d050b6fe32e0b19d25b458c6223ad3f497f051c163b489430720e504c548a9177d32391f216aefd9c605ccbc8237b32006de2114537138dd7b32fa1e36a741b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c37f9d2c357647fca20f2eaa89c18edd |
| SHA1 | cfd1035ed2d057c317b48546f467209cbbe15f2e |
| SHA256 | 2ea3a0b7e6145fd110653b1a77cb827ad7e4a145c29378344bd3d28f595b2072 |
| SHA512 | 3563f4aca9e47f35de8cb38e42a3c0448bb3ec4c9183fa392abc28fee4ca08bf16da028ffbf31cf0c0f8301ed810238961e745590e5c71621bc5a2a889dd12f7 |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\System\Apps.txt
| MD5 | a326e1a219c861d13c44bf505f69abd5 |
| SHA1 | dcdf586a0f8d3259bb0f7fe4b2d5b2440e325bbb |
| SHA256 | ed8d869d56019ef4674af179a339ceb5a8deb7e0e66adb0918bdcd6729d957da |
| SHA512 | fba4e715f05fc00ddbb2123c4f0010fd29e83647eec0cb2309730344c9d433ae6d192894e960320f8d1abe64c949d5eb3101d3c2b8dc6d4ba81a5b49fa6552e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index
| MD5 | 7a9c348ac048a620e4ca0aec2a33f485 |
| SHA1 | fcb271239ef5f392cfc414df5dae630a12ae9c2b |
| SHA256 | 887bce29c94baa1883c6c0ec33b324b3809b1a7eef68cfca6c7460c1c088ebd0 |
| SHA512 | f6ec7e3bdfff14a2ab47740ba962c1eda18775e0f4081c54bd6b2aff007a840b3e496946e1aae56b3158ae2de270f4fdc003b296d7f2049c34332dab74a674c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4b544b14-1843-4673-a1cd-26e23142833b\index-dir\the-real-index~RFe57bdc2.TMP
| MD5 | 5e13f2a74897bfe462b55c2bcadcd1ed |
| SHA1 | 0a4983ce85080e0beb96d66d7c7b518aec791847 |
| SHA256 | c46d822959fd672b6466f30b6bef31c8474a7c8cfb14b91b137f5c725c8cd9e8 |
| SHA512 | 802043b7fc8a0acc7b46187938070c87cc5d750c493ce8163bda62decc70eb7a4c68037c93121fa2f41a29a05600dd8586492b94a8ed1f53ebf56442fef1afb6 |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\Browsers\Microsoft Edge\Cookies.txt
| MD5 | 8992b7cac2426aed96f34d9d5125ff10 |
| SHA1 | c5c50c302e0515789b96bda08cb4ce2e316de8ef |
| SHA256 | 43f8d2715f7ac556841bcf16bcef414e2e2b8501b284c956ce8b76fe114fd9e2 |
| SHA512 | 54c2327031f1f817b9eaa1b99030d11a7e7a674a5706319a5788e9051d562316bac46727c5c017b81b7b656944eaef995e5f2a4ab7c6861af0131b26e958b556 |
memory/3944-360-0x000002ACD39D0000-0x000002ACD3A14000-memory.dmp
memory/3944-361-0x000002ACD3970000-0x000002ACD398A000-memory.dmp
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\Admin@BLPWGAPS_en-US\Browsers\Firefox\Bookmarks.txt
| MD5 | 70e1643c50773124c0e1dbf69c8be193 |
| SHA1 | 0e2e6fd8d0b49dddf9ea59013a425d586cb4730c |
| SHA256 | 4fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a |
| SHA512 | 664e5d9263c0137f841daeb3dff00010ffeb7291ed08ccf6d0483200cd6d6bd3c9d31ea7e67a9de6aac591397060d8f01e8469bbad67d8e2f1c3900ef24c3679 |
C:\Users\Admin\AppData\Local\a205a6f7ab0e061fec2d089d3b0140fd\msgid.dat
| MD5 | b59307fdacf7b2db12ec4bd5ca1caba8 |
| SHA1 | 79e3f0cbcea375142c38c2f8de09344cb9f8eef4 |
| SHA256 | b39885a157fd0cbf181d1c17bcc1517638727e04513097d6ddc4c1d51ea5f4b1 |
| SHA512 | 5ad258728081dd7d142275374fd6b4644dda088abc0f15b5d08fc33c18bbd16f18683ae15b257c9ba2d55c3cfd2b3d7187b175ea2f6d9fac0ca79ae1acf7cf11 |
C:\Users\Admin\AppData\Local\Temp\c1d8d12c-7f28-4a07-8236-dc64dda61b99.bat
| MD5 | 87c5cd74ed15e037858a832576799f60 |
| SHA1 | d8d482a9d1da45a9bf1caaf564176d3febd4dbdf |
| SHA256 | acccfd5277e3f58a670175e8a5f79f3c141ed9065940c346d066e0711dbe9a5a |
| SHA512 | 66b4bead3e721b15862e162c41593e7a6f1cd1cc185c3a72c89cd1915fa3ad0c594232bdff17f08fc12f39e2f5f42d54eb7894aece1b3539dc4338abe6855398 |
memory/3944-501-0x00007FFC921E0000-0x00007FFC92CA1000-memory.dmp