Analysis Overview
SHA256
a122f35e32fc7dfc16f5228e7accf3fb16f009e0ae023979b1946c3c08cf0380
Threat Level: Known bad
The file 22032025_0113_21032025_FACTURAS.gz was found to be: Known bad.
Malicious Activity Summary
Stealerium family
Stealerium
Suspicious use of NtCreateUserProcessOtherParentProcess
Uses browser remote debugging
Reads user/profile data of web browsers
Checks computer location settings
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
Enumerates physical storage devices
Browser Information Discovery
Event Triggered Execution: Netsh Helper DLL
System Network Configuration Discovery: Wi-Fi Discovery
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Enumerates system info in registry
outlook_win_path
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
outlook_office_path
Checks processor information in registry
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-22 01:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-22 01:26
Reported
2025-03-22 01:29
Platform
win7-20240903-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe
"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.total-procurement.com | udp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 172.245.136.70:443 | tcp |
Files
memory/2524-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp
memory/2524-1-0x0000000000EA0000-0x0000000000EBC000-memory.dmp
memory/2524-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp
memory/2524-3-0x000007FEF6003000-0x000007FEF6004000-memory.dmp
memory/2524-4-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-03-22 01:26
Reported
2025-03-22 01:29
Platform
win10v2004-20250314-en
Max time kernel
103s
Max time network
141s
Command Line
Signatures
Stealerium
Stealerium family
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5208 created 3588 | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | C:\Windows\Explorer.EXE |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | icanhazip.com | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5208 set thread context of 3440 | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\system32\netsh.exe | N/A |
System Network Configuration Discovery: Wi-Fi Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\cmd.exe | N/A |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870804646497182" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe
"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"
C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe
"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --disable-gpu --disable-logging
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe24c3dcf8,0x7ffe24c3dd04,0x7ffe24c3dd10
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\findstr.exe
findstr All
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1964,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2196,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2296,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3912,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3908 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4456,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4452 /prefetch:1
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\netsh.exe
netsh wlan show networks mode=bssid
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5240,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5304,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5300 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --disable-gpu --disable-logging
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffe2352f208,0x7ffe2352f214,0x7ffe2352f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2168,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2136,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2128 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2568,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\54326d1a-3cb8-4fe5-a297-0f535d09185b.bat"
C:\Windows\system32\chcp.com
chcp 65001
C:\Windows\system32\taskkill.exe
taskkill /F /PID 3440
C:\Windows\system32\timeout.exe
timeout /T 2 /NOBREAK
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.total-procurement.com | udp |
| US | 172.245.136.70:443 | www.total-procurement.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.180.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | api.telegram.org | udp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 172.217.16.234:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | icanhazip.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.14:443 | play.google.com | udp |
| GB | 172.217.169.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 172.217.16.238:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 127.0.0.1:9222 | tcp | |
| N/A | 127.0.0.1:9222 | tcp | |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | ntp.msn.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 13.107.21.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 95.100.153.183:443 | copilot.microsoft.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | evcs-ocsp.ws.symantec.com | udp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| US | 204.79.197.203:443 | ntp.msn.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 104.78.173.45:80 | evcs-ocsp.ws.symantec.com | tcp |
| US | 8.8.8.8:53 | evcs-crl.ws.symantec.com | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | img-s-msn-com.akamaized.net | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | sb.scorecardresearch.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| GB | 104.78.173.45:80 | evcs-crl.ws.symantec.com | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.msn.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| GB | 95.100.153.143:443 | www.bing.com | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | tcp |
| US | 150.171.28.10:443 | c.bing.com | tcp |
| IE | 13.74.129.1:443 | c.msn.com | tcp |
| GB | 95.100.153.143:443 | www.bing.com | tcp |
| GB | 18.165.160.126:443 | sb.scorecardresearch.com | tcp |
| GB | 2.19.252.154:443 | img-s-msn-com.akamaized.net | tcp |
| GB | 2.18.190.99:443 | assets.msn.com | udp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| N/A | 127.0.0.1:9222 | tcp | |
| N/A | 127.0.0.1:9222 | tcp | |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
| US | 104.16.184.241:80 | icanhazip.com | tcp |
| NL | 149.154.167.220:443 | api.telegram.org | tcp |
Files
memory/5208-0-0x00007FFE2AA73000-0x00007FFE2AA75000-memory.dmp
memory/5208-1-0x000001BBC06B0000-0x000001BBC06CC000-memory.dmp
memory/5208-2-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-3-0x00007FFE2AA73000-0x00007FFE2AA75000-memory.dmp
memory/5208-4-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-5-0x000001BBDAE50000-0x000001BBDB624000-memory.dmp
memory/5208-6-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-17-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-15-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-19-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-31-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-29-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-27-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-25-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-23-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-13-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-21-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-11-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-9-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-7-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-41-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-33-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-37-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-45-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-43-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-53-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-67-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-65-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-69-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-63-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-61-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-59-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-57-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-56-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-51-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-49-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-48-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-39-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-35-0x000001BBDAE50000-0x000001BBDB61D000-memory.dmp
memory/5208-1342-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1343-0x000001BBDB620000-0x000001BBDBD4C000-memory.dmp
memory/5208-1344-0x000001BBDBD50000-0x000001BBDC478000-memory.dmp
memory/5208-1345-0x000001BBC2310000-0x000001BBC235C000-memory.dmp
memory/5208-1346-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1347-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1348-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1349-0x000001BBDACD0000-0x000001BBDAD24000-memory.dmp
memory/5208-1353-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1355-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1356-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1359-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/5208-1360-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/3440-1358-0x0000000000400000-0x0000000000B0E000-memory.dmp
memory/3440-1361-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/3440-1362-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp
memory/3440-1372-0x00000241FE610000-0x00000241FE6C2000-memory.dmp
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt
| MD5 | 00dcaa881f754e13828bbf6b979257a7 |
| SHA1 | a83d4f94e107fe5389bb5e8ba6bb821580a65310 |
| SHA256 | 1f5ae9c7f3c0793f477eb79ca6856d4d9884de9926ccb91df9d78ca7ab977d75 |
| SHA512 | e6b8ff34fb85c8737099d8ba0be1a8d32fc232c9c8bc2604531de8dfd363fae8ea795d9556b2c5736882a4d23733a36752a07972dd49a8a909ae31c3b692f3cf |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt
| MD5 | 3c04a312f402f2a01fa3be4fadde2a09 |
| SHA1 | 97872f69759f8044e73d39398df4f5e16e6721af |
| SHA256 | 1481bad22e8c792102be9b4a12aafccb5e6aec2f551daca956403f81cb7850c7 |
| SHA512 | b87e55d368fedf51787e5539b4be00f2d328cc0b8ded8eeb581ae28c269260da5db821a905b46d18d08ea026d75dbf5acb947283c88b70c7c85c31d1884fd375 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d94c46d7719a784ae00840130d3d4026 |
| SHA1 | 1cff6c21e201c22965f00d8cc70c0e0881826fda |
| SHA256 | f2c7ccb94f418daa70f2993d4b55295d2f962c8d8a02b5e27a61a44d6f38c320 |
| SHA512 | bab3f59c222d8e4dc557cbd050e2065782bfd00bd20eb06213d46513577fc8f968a766f2c9075a7770b5ca5373033f4f8767d795006713d2324fae659a935b64 |
\??\pipe\crashpad_912_YXSDBUZLDQWPCOYM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt
| MD5 | 1e0598375aefaa3b8f4b26cc6954e9fa |
| SHA1 | 271d338ee55cead16df79c32305839f7e24a1c43 |
| SHA256 | 784097c3e4e4332cb1e1ebc1df428bc54c4588a982afc10405cb0d37b4fee2df |
| SHA512 | 2a8f3c203b1f0bf812106aa658151f296e63ac158c4a0e051edae10bc3cdb2b1477722e705413e65c1e0552b446b23dd20aebebb8b2b2549e6e1baa8f5e5e38e |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt
| MD5 | 7bcef92d68634eece4c2babd1ef67818 |
| SHA1 | 2f01327227d7fc9fdc050b51f0b71004f4cca90c |
| SHA256 | 28fe7f53ea71ce46728da4033a1f66cb56835790d5ae651deabaa758191cd02c |
| SHA512 | 5365b61abd2d2cae5b084908fb0e75a421d982ac1e325ae8fcbb7301c52a32ad26ea5596420f747f69e175f8441f88e3d7e05c4c9bbbfaabd7ad7664da711439 |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt
| MD5 | 700013e83609bf751f9abc6ccc33df31 |
| SHA1 | 485a60d34d171e41908122f45ce97f67a404b1f5 |
| SHA256 | a813c3195483520cd8af05daa754b638be824960faededc3321c6595d5a83f39 |
| SHA512 | 6e828a7ba91e772364a4e99c98e037e1a78867abc26e3a42422a23872a60ffd83af0d15e2f8425efe3531c34e33dcbfa7c6035047d14025bbbed8b85ed0ebfbd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/3440-1518-0x00000241FE820000-0x00000241FE842000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 92c18abe51b50407db69747c06f2c8f7 |
| SHA1 | 7e375d2a36a478bb7a54089469ec389a1f1e98fa |
| SHA256 | 5088d439162b7d349819637ecf3fd407b97648a4c5fb51d6ce9de45fb496e025 |
| SHA512 | 8428389155f8c0fdafae1670d482425a13bc1a0829d102cbf74a63ebbcc672eec6ab45ea3c94295867145f513f2a50db8d3786f9891a72f706da4026e67fcbc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 690f9d619434781cadb75580a074a84d |
| SHA1 | 9c952a5597941ab800cae7262842ab6ac0b82ab1 |
| SHA256 | fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1 |
| SHA512 | d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe5888a3.TMP
| MD5 | 0f15e505c197785a1d1b50e3e5376db4 |
| SHA1 | 23a14f9b2628d3611c3c194c60206f145ef7ef03 |
| SHA256 | 7591155696323c5ad0745eec79ab0ae561c65a8dd1e85641850c871478797863 |
| SHA512 | d1633f0cc31f06fe219c0e8f967a139ccc3d0f7a061cff16b52c82c6390f0651d2017dfe40721cb559f10611428c8582fd27a754e85288bc8a56981fe1e6af6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index
| MD5 | d09ec6cd45c36816b6a408427a1e6db5 |
| SHA1 | e5832fd6b2fdb441bc6ee77d0a6b9b0fc8381e6b |
| SHA256 | 666857d2f23066237be6ee21dc3a6d8d8b6cc8606f78c56761288d312a8f6c8d |
| SHA512 | d751ed8c5e8bd7605f759fc06eedc762c6f451231f490393903cb506ac408b8e5ae544357bb1791e000de114830623939016be7a725d58c16106a132e2af087a |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\Browsers\Microsoft Edge\Cookies.txt
| MD5 | bb7e8f9f1a76f581bd4e0f73ef391e76 |
| SHA1 | 2be852cae8386b4ea6b97408a07df0c8272bded2 |
| SHA256 | b5ce15b32d8bfef0e674cbe5f3b5f83cf1a3b5f340ce5e9d498696333b15aaa1 |
| SHA512 | 61f9674e54262bb3fd2f31273af50c0107ab16d4a0a1572ebad95ad3f3155f88e720e43a95ae244cb490da8a6043dab8d43f2561910ff43188ba961be07e52df |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Apps.txt
| MD5 | f2a640d3dd6c363654908273ede6e94c |
| SHA1 | 79b93351400df4776b9f0cfb4ee3369d83b0a937 |
| SHA256 | 0ba8dbdef4487b3afc802a9995cab8428d359c5550def7961c702f95c6dcb184 |
| SHA512 | 6ebb593f7dadca51e61bca7dad689fd43767131cf83c8a80423444c37198327070e91535aee022fdb0fde5f403060ad02de8fe256df4a458a31d4444aa9bf790 |
memory/3440-1708-0x00000241FE7A0000-0x00000241FE7E4000-memory.dmp
memory/3440-1709-0x00000241FE850000-0x00000241FE86A000-memory.dmp
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\Browsers\Firefox\Bookmarks.txt
| MD5 | 70e1643c50773124c0e1dbf69c8be193 |
| SHA1 | 0e2e6fd8d0b49dddf9ea59013a425d586cb4730c |
| SHA256 | 4fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a |
| SHA512 | 664e5d9263c0137f841daeb3dff00010ffeb7291ed08ccf6d0483200cd6d6bd3c9d31ea7e67a9de6aac591397060d8f01e8469bbad67d8e2f1c3900ef24c3679 |
C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\msgid.dat
| MD5 | a532400ed62e772b9dc0b86f46e583ff |
| SHA1 | 88a9d5a83b2b7e4bc74200cc205858df88a90f44 |
| SHA256 | bda584056eb9957d6c681e00079eff36fec289e2a0432a4221b95438dfef5ca4 |
| SHA512 | 773177d079d116ceaa805896970513ad22d1516352e24529b852be76c992184e06c0efd48964e3062e8c2fa6a158b9de503e9c105a28367a73dfd8e8e796dfef |
C:\Users\Admin\AppData\Local\Temp\54326d1a-3cb8-4fe5-a297-0f535d09185b.bat
| MD5 | 671bffeab3591963df8e3ba94acf385c |
| SHA1 | b3e69f84a1e5e288567d44aa9058a1d7e2b6818c |
| SHA256 | ab46679466603737203746d33b672b5de7f89ab3a3c3662273499786d6c7299f |
| SHA512 | c5d9b07aa9289ce20b7019d9cae7ea11e0a6f124de4bc4126daf68a976c1cd292aadd57fe5a4d7a6269f5a600712792c1bc530fce29a80139b8112c9365e2fa0 |
memory/3440-1798-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp