Malware Analysis Report

2025-04-13 12:23

Sample ID 250320-gd82cavsfx
Target JUSTIFICANTE PAGO.exe.zip
SHA256 99d51eb9f2f98ed2de0134b9624a06a7f6102b91dadb0525db661751aff44b7a
Tags
stealerium collection credential_access discovery persistence privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

99d51eb9f2f98ed2de0134b9624a06a7f6102b91dadb0525db661751aff44b7a

Threat Level: Known bad

The file JUSTIFICANTE PAGO.exe.zip was found to be: Known bad.

Malicious Activity Summary

stealerium collection credential_access discovery persistence privilege_escalation spyware stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Stealerium

Stealerium family

Uses browser remote debugging

Reads user/profile data of web browsers

Checks computer location settings

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

Unsigned PE

Browser Information Discovery

System Network Configuration Discovery: Wi-Fi Discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Delays execution with timeout.exe

outlook_win_path

outlook_office_path

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-03-20 05:42

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-20 05:42

Reported

2025-03-20 05:45

Platform

win7-20240729-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description: Token: SeDebugPrivilege
Indicator: N/A
Process: C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe

"C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.total-procurement.com udp
US 172.245.136.70:443 www.total-procurement.com tcp

Files

memory/304-0-0x000007FEF5DC3000-0x000007FEF5DC4000-memory.dmp

memory/304-1-0x00000000011D0000-0x00000000011E8000-memory.dmp

memory/304-2-0x0000000000470000-0x000000000047E000-memory.dmp

memory/304-3-0x000007FEF5DC0000-0x000007FEF67AC000-memory.dmp

memory/304-4-0x000007FEF5DC3000-0x000007FEF5DC4000-memory.dmp

memory/304-5-0x000007FEF5DC0000-0x000007FEF67AC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-20 05:42

Reported

2025-03-20 05:45

Platform

win10v2004-20250314-en

Max time kernel

95s

Max time network

135s

Command Line

C:\Windows\Explorer.EXE

Signatures

Stealerium

stealer stealerium

Stealerium family

stealerium

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 4944 created 3512 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Windows\Explorer.EXE

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4944 set thread context of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

System Network Configuration Discovery: Wi-Fi Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\cmd.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869230265344594" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 4944 wrote to memory of 764 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe
PID 764 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 3884 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 764 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Windows\SYSTEM32\cmd.exe
PID 764 wrote to memory of 4664 N/A C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe C:\Windows\SYSTEM32\cmd.exe
PID 3884 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3184 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4664 wrote to memory of 4036 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\chcp.com
PID 4664 wrote to memory of 4036 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\chcp.com
PID 4664 wrote to memory of 4480 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\netsh.exe
PID 4664 wrote to memory of 4480 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\netsh.exe
PID 4664 wrote to memory of 4936 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\findstr.exe
PID 4664 wrote to memory of 4936 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\findstr.exe
PID 3884 wrote to memory of 348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3884 wrote to memory of 3796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe

"C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe"

C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe

"C:\Users\Admin\AppData\Local\Temp\JUSTIFICANTE PAGO.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --disable-gpu --disable-logging

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d48adcf8,0x7ff9d48add04,0x7ff9d48add10

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\findstr.exe

findstr All

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2072,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2068 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1976,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2416,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2420 /prefetch:8

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4152,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4148 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4600 /prefetch:1

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5196,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5404,i,13914057076258841950,7385738255659199400,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5400 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --disable-gpu --disable-logging

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f0,0x7ff9d472f208,0x7ff9d472f214,0x7ff9d472f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2024,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2016 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2076,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2072 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2616,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3580,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4136,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=4132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --extension-process --renderer-sub-type=extension --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4152,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=4140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5068,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=5140,i,2510967346384096309,7547947056825657242,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=5128 /prefetch:8

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\b70e3978-fcea-4883-b141-fed69d1e97af.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\taskkill.exe

taskkill /F /PID 764

C:\Windows\system32\timeout.exe

timeout /T 2 /NOBREAK
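Two things in the process list above are worth turning into detection logic: every Edge renderer carries --remote-debugging-port=9222 (the switch behind the "Uses browser remote debugging" signature; a stealer that starts the browser this way can pull cookies over the DevTools protocol instead of decrypting the profile itself), and the tail of the list is the cmd.exe /C <Temp>\<guid>.bat, taskkill /F /PID 764, timeout /T 2 /NOBREAK chain a stealer uses to kill and clean up after itself. The script below is an added example, not part of the sandbox report: it parses Windows command lines the way an EDR rule would and flags both patterns. The first six sample lines are copied from the report (the two Edge lines shortened to the switches that matter), the last is a constructed benign launch; the browser list and the set of automation switches are assumptions.

```python
"""Triage of process command lines for two Stealerium tells seen in this
report: a Chromium-based browser launched with --remote-debugging-port and
the cmd.exe /C <Temp>\\<guid>.bat -> taskkill /F /PID <n> -> timeout chain.
Added example, not part of the sandbox report.  The first six command lines
are copied from the report (Edge lines shortened); the last is constructed."""
import json
import re
from pathlib import PureWindowsPath

SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --lang=en-US --js-flags=--ms-user-locale= --renderer-client-id=6 /prefetch:1',
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --remote-debugging-port=9222 --renderer-client-id=8 /prefetch:2',
    r'"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\b70e3978-fcea-4883-b141-fed69d1e97af.bat"',
    "chcp 65001",
    "taskkill /F /PID 764",
    "timeout /T 2 /NOBREAK",
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default',  # constructed, benign
]

CHROMIUM_BROWSERS = {"msedge.exe", "chrome.exe", "brave.exe", "vivaldi.exe",
                     "opera.exe", "chromium.exe"}
# Switches that only make sense when a program, not a person, drives the
# browser.  Assumption: an interactive launch never carries any of these.
SUSPECT_SWITCHES = {"--remote-debugging-port", "--remote-debugging-pipe",
                    "--remote-allow-origins", "--headless"}

# One token is a run of non-blank, non-quote characters and/or a
# double-quoted string, so --user-data-dir="C:\...\User Data" stays whole.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def tokenize(cmdline):
    return _TOKEN.findall(cmdline)


def image_name(cmdline):
    """Lower-cased file name of the executable, with or without a path."""
    toks = tokenize(cmdline)
    return PureWindowsPath(toks[0].strip('"')).name.lower() if toks else ""


def switches(cmdline):
    """Map every --switch on the line to its value ('' when it has none)."""
    out = {}
    for tok in tokenize(cmdline)[1:]:
        if tok.startswith("--"):
            name, _, value = tok.partition("=")
            out[name] = value.strip('"')
    return out


def remote_debug_findings(cmdlines):
    """(image, switch, value) for every browser process carrying an
    automation switch.  Children inherit the flag, so one launch shows up
    once per renderer; dedupe on the parent PID in real telemetry."""
    findings = []
    for cmd in cmdlines:
        exe = image_name(cmd)
        if exe not in CHROMIUM_BROWSERS:
            continue
        sw = switches(cmd)
        for name in sorted(SUSPECT_SWITCHES.intersection(sw)):
            findings.append((exe, name, sw[name]))
    return findings


def _arg_after(toks, flag):
    low = [t.lower() for t in toks]
    i = low.index(flag) if flag in low else -1
    return toks[i + 1] if 0 <= i < len(toks) - 1 else None


def cleanup_chain(cmdlines):
    """Batch file under a Temp directory run via cmd /C, followed by
    taskkill /F /PID and timeout: the self-clean pattern in the report."""
    bat = pid = delay = None
    for cmd in cmdlines:
        toks = tokenize(cmd)
        exe = image_name(cmd)
        low = {t.lower() for t in toks}
        if exe == "cmd.exe" and "/c" in low:
            for t in toks[1:]:
                p = t.strip('"')
                if p.lower().endswith(".bat") and "\\temp\\" in p.lower():
                    bat = p
        elif exe in ("taskkill.exe", "taskkill") and "/f" in low:
            pid = _arg_after(toks, "/pid")
        elif exe in ("timeout.exe", "timeout"):
            delay = _arg_after(toks, "/t")
    if bat and pid and pid.isdigit():
        return {"bat": bat, "pid": int(pid),
                "delay": int(delay) if delay and delay.isdigit() else None}
    return None


def triage(cmdlines):
    return {"remote_debugging": remote_debug_findings(cmdlines),
            "cleanup_chain": cleanup_chain(cmdlines)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_CMDLINES), indent=2))
```

On a live host the same logic belongs on process-creation telemetry (Sysmon event 1 or the EDR equivalent): alert when a Chromium browser is started with any automation switch by a parent that is not the user's shell, and correlate a cmd.exe /C on a Temp .bat with the taskkill and timeout children it spawns.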

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.total-procurement.com udp
US 172.245.136.70:443 www.total-procurement.com tcp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 216.58.212.206:443 play.google.com udp
US 8.8.8.8:53 icanhazip.com udp
GB 216.58.212.206:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 104.16.184.241:80 icanhazip.com tcp
GB 142.250.200.46:443 clients2.google.com udp
GB 216.58.212.206:443 play.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 ntp.msn.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.google.com udp
US 13.107.21.239:80 edge.microsoft.com tcp
US 204.79.197.203:443 ntp.msn.com tcp
US 204.79.197.239:443 edge.microsoft.com tcp
GB 142.250.200.46:443 clients2.google.com tcp
US 8.8.8.8:53 copilot.microsoft.com udp
US 8.8.8.8:53 copilot.microsoft.com udp
GB 95.100.153.183:443 copilot.microsoft.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.187.225:443 clients2.googleusercontent.com tcp
GB 142.250.187.225:443 clients2.googleusercontent.com tcp
US 204.79.197.203:443 ntp.msn.com tcp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 assets.msn.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 img-s-msn-com.akamaized.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 2.18.190.182:443 assets.msn.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
US 8.8.8.8:53 c.msn.com udp
US 8.8.8.8:53 c.msn.com udp
GB 2.18.190.170:443 msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 c.bing.com udp
GB 95.100.153.143:443 www.bing.com tcp
IE 13.74.129.1:443 c.msn.com tcp
US 150.171.27.10:443 c.bing.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
GB 95.100.153.157:443 www.bing.com tcp
GB 18.165.242.110:443 sb.scorecardresearch.com tcp
US 2.16.55.225:443 img-s-msn-com.akamaized.net tcp
GB 2.18.190.182:443 assets.msn.com udp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
US 104.16.184.241:80 icanhazip.com tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
NL 149.154.167.220:443 api.telegram.org tcp
US 104.16.184.241:80 icanhazip.com tcp
NL 149.154.167.220:443 api.telegram.org tcp
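Most rows in the table above are not the sample: once Edge is launched with remote debugging it contacts msn.com, bing.com, edge.microsoft.com and the Google update endpoints on its own. What the sample itself drove is the handful of rows to www.total-procurement.com, api.telegram.org, icanhazip.com (the "Looks up external IP address via web service" signature) and the loopback connections to 127.0.0.1:9222 (the DevTools port from the Edge command lines). The script below is an added example, not part of the sandbox report: it parses rows in the table's own format and separates browser noise from the destinations an analyst has to explain. SAMPLE_TABLE is a subset of the table copied verbatim; the category lists are assumptions.

```python
"""Triage of the network table above: split the browser's own background
traffic from the destinations the sample drove.  Added example, not part of
the sandbox report.  SAMPLE_TABLE rows are copied from the table; the
category lists are assumptions."""
import re
from collections import defaultdict

SAMPLE_TABLE = """
Country Destination Domain Proto
US 8.8.8.8:53 www.total-procurement.com udp
US 172.245.136.70:443 www.total-procurement.com tcp
GB 142.250.187.195:80 c.pki.goog tcp
US 8.8.8.8:53 api.telegram.org udp
NL 149.154.167.220:443 api.telegram.org tcp
GB 142.250.179.228:443 www.google.com tcp
US 8.8.8.8:53 icanhazip.com udp
US 104.16.184.241:80 icanhazip.com tcp
N/A 224.0.0.251:5353 udp
US 13.107.21.239:80 edge.microsoft.com tcp
GB 2.18.190.182:443 assets.msn.com tcp
N/A 127.0.0.1:9222 tcp
N/A 127.0.0.1:9222 tcp
NL 149.154.167.220:443 api.telegram.org tcp
"""

# "Looks up external IP address via web service" in the signature list.
IP_LOOKUP_DOMAINS = {"icanhazip.com", "api.ipify.org", "ifconfig.me", "ipinfo.io"}
# Messaging-bot APIs commonly used as a stealer exfiltration channel.
EXFIL_API_DOMAINS = {"api.telegram.org", "discord.com", "discordapp.com"}
# What a freshly started Edge talks to on its own; assumption, extend per
# environment.  Matched on whole labels, so "google.com" != "evilgoogle.com".
BROWSER_NOISE = ("microsoft.com", "msn.com", "bing.com", "google.com",
                 "googleapis.com", "googleusercontent.com", "pki.goog",
                 "akamaized.net", "scorecardresearch.com")

# Country, ip:port, optional domain, proto; the header row does not match.
ROW = re.compile(r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
                 r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$")


def parse_rows(table):
    rows = []
    for line in table.strip().splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def _under(domain, suffix):
    return domain == suffix or domain.endswith("." + suffix)


def classify(row):
    domain = (row["domain"] or "").lower()
    ip, port = row["ip"], row["port"]
    if ip.startswith("127."):
        return "devtools_loopback" if port == 9222 else "loopback"
    if 224 <= int(ip.split(".")[0]) <= 239:
        return "multicast"
    if domain in IP_LOOKUP_DOMAINS:
        return "external_ip_lookup"
    if domain in EXFIL_API_DOMAINS:
        return "exfil_api"
    if any(_under(domain, s) for s in BROWSER_NOISE):
        return "browser_noise"
    return "uncategorized"


def summarize(rows):
    """Row count and distinct endpoints per category.  A DNS query is
    attributed to the name it resolves, so it lands in that name's category."""
    acc = defaultdict(lambda: {"rows": 0, "endpoints": set()})
    for r in rows:
        cat = classify(r)
        label = r["domain"] or f"{r['ip']}:{r['port']}"
        acc[cat]["rows"] += 1
        acc[cat]["endpoints"].add(f"{label} ({r['proto']}/{r['port']})")
    return {c: {"rows": v["rows"], "endpoints": sorted(v["endpoints"])}
            for c, v in acc.items()}


def needs_review(rows):
    """Everything that is not browser noise or local multicast."""
    return [r for r in rows if classify(r) not in ("browser_noise", "multicast")]


if __name__ == "__main__":
    import json
    rows = parse_rows(SAMPLE_TABLE)
    print(json.dumps(summarize(rows), indent=2))
    for r in needs_review(rows):
        print(classify(r), r["domain"] or r["ip"], r["port"], r["proto"])
```

The "uncategorized" bucket is the point of the exercise: after the known services are named and the browser's own traffic is set aside, www.total-procurement.com is the one destination left that nothing else in the report explains, which is where the analyst starts.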

Files

memory/4944-0-0x00007FF9D9A33000-0x00007FF9D9A35000-memory.dmp

memory/4944-1-0x00000194E7D60000-0x00000194E7D78000-memory.dmp

memory/4944-2-0x00000194E8150000-0x00000194E815E000-memory.dmp

memory/4944-3-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-4-0x00000194EA460000-0x00000194EAC34000-memory.dmp

memory/4944-8-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-18-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-16-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-28-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-32-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-36-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-52-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-60-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-64-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-62-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-56-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-54-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-58-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-50-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-48-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-46-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-45-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-42-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-35-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-40-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-38-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-30-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-26-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-24-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-22-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-20-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-12-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-10-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-14-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-68-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-66-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-6-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-5-0x00000194EA460000-0x00000194EAC2E000-memory.dmp

memory/4944-167-0x00007FF9D9A33000-0x00007FF9D9A35000-memory.dmp

memory/4944-270-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1343-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1344-0x00000194EAC30000-0x00000194EB35C000-memory.dmp

memory/4944-1345-0x00000194EB360000-0x00000194EBA88000-memory.dmp

memory/4944-1346-0x00000194E99B0000-0x00000194E99FC000-memory.dmp

memory/4944-1347-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1348-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1349-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1350-0x00000194ECB80000-0x00000194ECBD4000-memory.dmp

memory/4944-1353-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1356-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/764-1359-0x0000000000400000-0x0000000000B0E000-memory.dmp

memory/4944-1360-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1361-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/4944-1358-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/764-1362-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

memory/764-1363-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 8b302b6fb513df2f1bc1714b9fbbcfc1
SHA1 c5c04dcee1f3418528a2d0c6466ea9ad27dfd01f
SHA256 5f16af36cd257f48f8128d478f707a724c58c816f221005fb764d80b27e49ad8
SHA512 7b97bee3dfedc399e73fccfa2fdbc99d6903f6bb594ec69fa087cb96a529aade799e92036f9f4f6af13d7271f0683117ee003d9794b03b5bd3728351aba2ce2e

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 82e653644db893ccc0f5ff724cd0d874
SHA1 7b5ccf757bb03eb5a71d7d449757e3f33cbefb4d
SHA256 1432bd182c37a6a1a16a9a1190e88624bfa60a62531dfe2c8475473e764c0678
SHA512 194927a6eee5a5d3482f181a944ffedbb429fedf9e4a44ba897e05628fe921879787e9ea7bd46fcb6f51a3e720abc5d5e4839d32ad518d58c9e14a6d72f71cd9

memory/764-1397-0x000001E4A9420000-0x000001E4A94D2000-memory.dmp

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 07a41db6f890984351511bac97887638
SHA1 6b21f2ec13a88fccec0913019429b2fa6bb45a84
SHA256 14edc18ec95b22eab59056aa4823a47676bfdcf22ae349e91d944446b72ea7cc
SHA512 fe2e4139b67afad3e7cb86a5c4c03d82545a53ad404171938bf79f0b902484b87032590d2d8b21d9de999c3370342439c1a97b13e46983d0f001ee17ff9eff73

\??\pipe\crashpad_3884_LRCTKNNVJIMKLCMK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8949e66768e4efd9170290d988147825
SHA1 78bdadada43bec56e0c3137751905649b2fc0767
SHA256 94d1a0977bc74ac4b8742b3d6ca0c9af47409cde8c831c0ad1e65888c0594c1c
SHA512 df21557536b2ef3bb7d401a1e2276f50dbff01f5e72214e7300e1972f59228e69dd08e902b2b13187ffe2f9ce1bc76678c11fe2cab00539925c09adaa976d35c

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 38e48ca868d611d9a7db55b2fc2869dd
SHA1 90df2a7c3a109dda8f83f0a9b8019ce47dc346d2
SHA256 305f2efb35531f41253afa3f582afc857a027759eef7fe416edd3c973aceabee
SHA512 39ee74bdf3374ddc5f9c7baf6ed8bedfc3624b884c8a859e8a7460d43703244d5a5b6a9a86a0f30c4f2245b5ce753fff18e54af21145bfb01758e569db5fb07a

memory/764-1440-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 4f698a2dacbf62e8f4c68f12cf11ac25
SHA1 328432479aedd266b93678607f101a5e2143c6b2
SHA256 7651c70d6280afff25ee28d32d2846305ccc910f3dc1403b6e222fe49ce2329b
SHA512 77c7d6d7809bce722377dc19dc92ee39177383be0f52084e36bf2ac94c517c7de53e61cf1c43ecc88ff8541a429cd32955ead245981dc23b0ba70b608c1e99e4

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 4bbd47adbe33fc104e2a03dd7be55b6c
SHA1 f11f9341e624757d0bc173078a66d51abcaa1ed3
SHA256 24b15dfd37a3c38414a0458edcf1cc3a65e5901d9b15649f9d0fa0f179a2dea5
SHA512 54dbf14195e1dfea134a43a580c32dad72a6ae220ea51b82d6539ca68458ced2acbfd115b3cc8ca8e29bd3253527301fe3b492e69bc5031a5b1df50b34069944

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt

MD5 ea62f2aa11fa22c910d571f91804ae04
SHA1 7e420dd804f2854a36833eb106f57726384e16c5
SHA256 04ad9c9fc7042366d60ac2d754894cb79f2a31d8cd5532b3fdf47823aae8ce94
SHA512 2219467a3d74373776abd2ad01b90b0a5da9d423a4f6835c700f8efabc86f0633a23355812f90317f35f9d99fd74aa0a2010b564ec6cc082c326df4a9141cab6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/764-1510-0x000001E4AAAC0000-0x000001E4AAAE2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fed4ab68611c6ce720965bcb5dfbf546
SHA1 af33fc71721625645993be6fcba5c5852e210864
SHA256 c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4
SHA512 f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f0051d27-3991-4865-90c7-b7f4f8fd852a.tmp

MD5 511273fce45fcc40714f24aff43d8b85
SHA1 ee557780cb1ccdb238eff71828f0fe014fd8e6ae
SHA256 8b5bc45fb33db33e34fe86556fbbbe67119660a7f751ba268cb282e321faaa97
SHA512 ddd0d5a6831b42bdc6a71aea5e9d3ecf09721b50fa08d65791633de2bd6fff8bd2d016e0a86a3050207be723b6651bb644f34ea8d8c60c09259b521f46db348a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f2c486947683e18007fbc22c766706f6
SHA1 7c435150c987534c834e5cb15303b9fa2c50cda1
SHA256 a3711fcda03c8058b8e5eb1f2b554302c322ee36741c2c71ef80c2638864253d
SHA512 e546807cea38716c3740f0a53bca189aa24081195dc000415f37dd849e98ef1aee7c7429a05dbfba1e2fdf9410435d6a6d11a2dd3d5ca9abe124358347d4e1d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4013ebc7b496bf70ecf9f6824832d4ae
SHA1 cfdcdac5d8c939976c11525cf5e79c6a491c272a
SHA256 fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a
SHA512 96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 164a788f50529fc93a6077e50675c617
SHA1 c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256 b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512 ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index

MD5 82be4919adb89e9a6623c30ff5afbfab
SHA1 3266be45c785e546cc46978a7ada5b74f479a1d3
SHA256 a2618b41e1568c076e633bbb959592cc6a8096046785bca71e4fb870e87ddeef
SHA512 925ab1776a4c0984d3ac9c6270cc78c1dcc4ea3ed28ccaddc55642e6b41c517dd9628886924b1c68c9add8974f6d4b28dc2d14c03c25a88e99ef6db195992e97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index~RFe5890a2.TMP

MD5 eb674603d78363e949ec8207148654b6
SHA1 07b1c97acb8e0e2a517345bc452f26880c0db3b0
SHA256 0db8b6f7264d2d36aae860b69f67280f54bd6e545f64fdcb1ec99f1162fd1d77
SHA512 1d13ea4c16572215a78e01d2ee4a784a73aa44b0b1afef488043b2354b3888bd5a80d4be619745a1ea8e3efaf4736961f566297cc7e9b4ef0f1771bbd8c6ada2

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\Browsers\Microsoft Edge\Cookies.txt

MD5 7a8b1a726cf206f3affd10b06ff8486f
SHA1 ab361cde9109d7355c9da7ac90bd20c7ed4c342b
SHA256 226a7f3842ccf254454f0e8f7e384e468d798063fbb9a27f8a594abaf60542e2
SHA512 8c823d68c825818cc801475699c8cf7951164a6ad4c054a583d54fbadc6196b3ff2c0e0da32ff5c3396e357559d44830540db999e54324dec7ced4cac6dfa7b9

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Apps.txt

MD5 5910dd35339b766631033522caea88b5
SHA1 c87534522075568495ec691f823922d2a540e194
SHA256 d456ef7a1b3fc616b649e6352d46cf60ccf78049130c63ebac52c78472d5bcff
SHA512 dbf890cb1561df34c12171f3d21f9b6430c2a5666085c932f59b36b802f1d50e4072e3feeb082c0aa9a4c1b5f2a08e1237e21e5ef9f6f9def6e08825ffd90bb5

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Apps.txt

MD5 0b7663b9bc89752bbe9066576e821542
SHA1 d94208d9fffc253c46eeca7155b87dce995a577f
SHA256 b226298128ed99021ef78c5009ef0c4c114c1dd9eb4f512c4d6f0b2aca6ef21d
SHA512 8960d65c8a68a32d10e64b119744085282fc5fb663d01c8e320ecc6c9e08f902907cb83ffabb605cf6f67c83967928b6037a18e20776bf724812978faba1c9a1

memory/764-1710-0x000001E4AAAF0000-0x000001E4AAB34000-memory.dmp

memory/764-1711-0x000001E4AAB30000-0x000001E4AAB4A000-memory.dmp

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\Browsers\Firefox\Bookmarks.txt

MD5 70e1643c50773124c0e1dbf69c8be193
SHA1 0e2e6fd8d0b49dddf9ea59013a425d586cb4730c
SHA256 4fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a
SHA512 664e5d9263c0137f841daeb3dff00010ffeb7291ed08ccf6d0483200cd6d6bd3c9d31ea7e67a9de6aac591397060d8f01e8469bbad67d8e2f1c3900ef24c3679

C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\msgid.dat

MD5 38b3eff8baf56627478ec76a704e9b52
SHA1 dbc0f004854457f59fb16ab863a3a1722cef553f
SHA256 16dc368a89b428b2485484313ba67a3912ca03f2b2b42429174a4f8b3dc84e44
SHA512 be37ccebe21815559666b60338ec1492670b8fd2bf6cc63c5c943639ddcc50981003846b75b9e97ad0c0c19484292f59b1d30b45c7b07d1f8973bae68a3b8431

C:\Users\Admin\AppData\Local\Temp\b70e3978-fcea-4883-b141-fed69d1e97af.bat

MD5 8fda70f5838a17130c1c8bb0401fe29f
SHA1 73d577720edb1a834a9e6309dcfd6923852bd909
SHA256 92fa3b1b63f0dbcb9452350c29840e699315fcf2225698b11eeb4378179c3099
SHA512 0d4778ad07b59163c7ec3f4465e825818844e8562ed3edaa13fc5b0e059624bf419cf69ec75944fa57bfb07938e2aa3ef256f2db8cc099b7e64f06fdae068523

memory/764-1797-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp
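The Files section mixes three kinds of entries: the stealer's own staging tree under AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\ (Process.txt, Apps.txt, Cookies.txt, Bookmarks.txt, plus msgid.dat one level up), browser housekeeping files whose hashes are those of empty content (the crashpad pipe hashes to the empty string; SCT Auditing Pending Reports hashes to a bare "[]"), and memory dumps, several of which cover the same range in both PID 4944 and PID 764. The script below is an added example, not part of the sandbox report: it parses the section in its own path-then-hashes layout, extracts the staging artifacts, discards entries whose SHA256 proves them empty, and lists ranges dumped from more than one process. SAMPLE_FILES_SECTION is a subset of the section copied from the page, reduced to path and SHA256 lines; the staging-layout regex is an assumption drawn from those paths.

```python
"""Triage of the Files section above: staging artifacts, known-empty
content, and memory ranges shared across PIDs.  Added example, not part of
the sandbox report.  SAMPLE_FILES_SECTION is copied from the section,
reduced to path, SHA256 and memory lines; the layout regex is an assumption."""
import hashlib
import re
from collections import defaultdict

SAMPLE_FILES_SECTION = r"""
memory/4944-0-0x00007FF9D9A33000-0x00007FF9D9A35000-memory.dmp
memory/4944-3-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp
C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt
SHA256 5f16af36cd257f48f8128d478f707a724c58c816f221005fb764d80b27e49ad8
memory/764-1359-0x0000000000400000-0x0000000000B0E000-memory.dmp
memory/764-1362-0x00007FF9D9A30000-0x00007FF9DA4F1000-memory.dmp
C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\System\Process.txt
SHA256 1432bd182c37a6a1a16a9a1190e88624bfa60a62531dfe2c8475473e764c0678
\??\pipe\crashpad_3884_LRCTKNNVJIMKLCMK
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\Browsers\Microsoft Edge\Cookies.txt
SHA256 226a7f3842ccf254454f0e8f7e384e468d798063fbb9a27f8a594abaf60542e2
C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\Admin@IQNFYLSS_en-US\Browsers\Firefox\Bookmarks.txt
SHA256 4fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a
C:\Users\Admin\AppData\Local\662168476a28c8adbdc6a073c54e05db\msgid.dat
SHA256 16dc368a89b428b2485484313ba67a3912ca03f2b2b42429174a4f8b3dc84e44
C:\Users\Admin\AppData\Local\Temp\b70e3978-fcea-4883-b141-fed69d1e97af.bat
SHA256 92fa3b1b63f0dbcb9452350c29840e699315fcf2225698b11eeb4378179c3099
"""

# Computed, not hard-coded, so the comparison cannot be mistyped.
KNOWN_CONTENT = {hashlib.sha256(b"").hexdigest(): "empty file",
                 hashlib.sha256(b"[]").hexdigest(): 'bare "[]" (empty JSON array)'}

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
MEMORY_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
# Staging layout seen in this report.  Assumption: the 32-hex directory is
# per victim and the user@host_locale level is optional (msgid.dat sits
# directly under the id).
STAGING = re.compile(
    r"\\AppData\\Local\\(?P<id>[0-9a-f]{32})\\"
    r"(?:(?P<user>[^\\@]+)@(?P<host>[^\\_]+)_(?P<locale>[^\\]+)\\)?(?P<rel>.+)$",
    re.IGNORECASE)


def parse_files_section(text):
    """File records {path, hashes} and memory regions (pid, seq, start, end);
    a hash line attaches to the most recent path above it."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEMORY_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            regions.append((int(pid), int(seq), int(start, 16), int(end, 16)))
            current = None
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            current["hashes"][m.group(1)] = m.group(2).lower()
            continue
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, regions


def staging_artifacts(files):
    """Paths that follow the stealer's staging layout, split into fields."""
    return [m.groupdict() for m in (STAGING.search(f["path"]) for f in files) if m]


def trivial_content(files):
    """Files whose SHA256 matches known empty content: not collected loot."""
    return [(f["path"], KNOWN_CONTENT[f["hashes"]["SHA256"]])
            for f in files if f["hashes"].get("SHA256") in KNOWN_CONTENT]


def shared_regions(regions):
    """Identical ranges dumped from more than one PID, typically a module
    mapped at the same base in both processes."""
    by_range = defaultdict(set)
    for pid, _seq, start, end in regions:
        by_range[(start, end)].add(pid)
    return {f"0x{s:016X}-0x{e:016X}": sorted(p)
            for (s, e), p in by_range.items() if len(p) > 1}


if __name__ == "__main__":
    files, regions = parse_files_section(SAMPLE_FILES_SECTION)
    for a in staging_artifacts(files):
        print("staged:", a["id"], a["user"], a["host"], a["locale"], a["rel"])
    for path, why in trivial_content(files):
        print("ignore:", path, "->", why)
    print("shared:", shared_regions(regions))
```

The staging regex doubles as a hunting query: the same <32-hex>\<user>@<host>_<locale>\ shape, searched over file-create telemetry or a disk image, finds the stealer's working directory on a host even after the sample itself has been killed by the batch file above.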