Malware Analysis Report

2025-04-13 12:23

Sample ID 250322-btrjcavwaw
Target 22032025_0113_21032025_FACTURAS.gz
SHA256 a122f35e32fc7dfc16f5228e7accf3fb16f009e0ae023979b1946c3c08cf0380
Tags
stealerium collection credential_access discovery persistence privilege_escalation spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a122f35e32fc7dfc16f5228e7accf3fb16f009e0ae023979b1946c3c08cf0380

Threat Level: Known bad

The file 22032025_0113_21032025_FACTURAS.gz was found to be: Known bad.

Malicious Activity Summary

stealerium collection credential_access discovery persistence privilege_escalation spyware stealer

Stealerium family

Stealerium

Suspicious use of NtCreateUserProcessOtherParentProcess

Uses browser remote debugging

Reads user/profile data of web browsers

Checks computer location settings

Looks up external IP address via web service

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

Enumerates physical storage devices

Browser Information Discovery

Event Triggered Execution: Netsh Helper DLL

System Network Configuration Discovery: Wi-Fi Discovery

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Kills process with taskkill

Enumerates system info in registry

outlook_win_path

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

outlook_office_path

Checks processor information in registry

Delays execution with timeout.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2025-03-22 01:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-03-22 01:26

Reported

2025-03-22 01:29

Platform

win7-20240903-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe

"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"

Network

Country Destination Domain Proto Count
US 8.8.8.8:53 www.total-procurement.com udp 1
US 172.245.136.70:443 www.total-procurement.com tcp 481
US 172.245.136.70:443 N/A tcp 1

One DNS lookup followed by 482 TCP connections to 172.245.136.70:443 within the 150 s network window; the original listing shows each connection as a separate identical row.

Files

memory/2524-0-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

memory/2524-1-0x0000000000EA0000-0x0000000000EBC000-memory.dmp

memory/2524-2-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

memory/2524-3-0x000007FEF6003000-0x000007FEF6004000-memory.dmp

memory/2524-4-0x000007FEF6000000-0x000007FEF69EC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-03-22 01:26

Reported

2025-03-22 01:29

Platform

win10v2004-20250314-en

Max time kernel

103s

Max time network

141s

Command Line

C:\Windows\Explorer.EXE

Signatures

Stealerium

stealer stealerium

Stealerium family

stealerium

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5208 created 3588 N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe C:\Windows\Explorer.EXE

FACTURAS.exe (PID 5208) created a process whose recorded parent is not its creator; Explorer.EXE appears in the Target column. This is parent PID spoofing (the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), which makes the child look like it was launched from the desktop, and it is consistent with this detonation's process tree being rooted at C:\Windows\Explorer.EXE rather than at FACTURAS.exe.

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
Key opened \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A icanhazip.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5208 set thread context of 3440 N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe

FACTURAS.exe (PID 5208) rewrote the thread context of a second FACTURAS.exe instance (PID 3440). Together with the WriteProcessMemory signature in the summary, this matches the create-suspended, write memory, SetThreadContext, resume sequence used to run a payload inside a fresh copy of the same binary.

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\system32\netsh.exe N/A

Every indicator here is a read (key opened, queried, value enumerated) performed by netsh.exe itself, which consults HKLM\SOFTWARE\Microsoft\NetSh for its helper DLL list each time it starts. Nothing in this run shows a value being written under that key, so these rows are a side effect of the netsh.exe invocation recorded under Wi-Fi Discovery below, not evidence that a helper DLL was registered for persistence.

System Network Configuration Discovery: Wi-Fi Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\cmd.exe N/A
N/A N/A C:\Windows\system32\netsh.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

chrome.exe and msedge.exe appear here because browser processes ran during the detonation (the summary lists "Uses browser remote debugging"). Reading the BIOS manufacturer and product name is routine browser start-up behaviour, so these rows are context for the browser launch rather than stealer activity in themselves.

Kills process with taskkill

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133870804646497182" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5208 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe
PID 3440 wrote to memory of 912 N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 912 wrote to memory of 4676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3440 wrote to memory of 5440 N/A C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe C:\Windows\SYSTEM32\cmd.exe
PID 5440 wrote to memory of 1836 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\chcp.com
PID 5440 wrote to memory of 4468 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\netsh.exe
PID 5440 wrote to memory of 1092 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\findstr.exe
PID 912 wrote to memory of 2676 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 912 wrote to memory of 3300 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 912 wrote to memory of 464 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe

"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"

C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe

"C:\Users\Admin\AppData\Local\Temp\FACTURAS.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --disable-gpu --disable-logging

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe24c3dcf8,0x7ffe24c3dd04,0x7ffe24c3dd10

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show profile

C:\Windows\system32\findstr.exe

findstr All

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1964,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=1956 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2196,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2192 /prefetch:3

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=2296,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3912,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=3908 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4456,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=4452 /prefetch:1

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\netsh.exe

netsh wlan show networks mode=bssid

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5240,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --field-trial-handle=5304,i,12130079391850602466,14908894080800480304,262144 --disable-features=PaintHolding --variations-seed-version=20250313-182214.581000 --disable-logging --mojo-platform-channel-handle=5300 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --headless=new --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --disable-gpu --disable-logging

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffe2352f208,0x7ffe2352f214,0x7ffe2352f220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2168,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless=new --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2136,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2128 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2568,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3460,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,12244284084147343485,137049231092376350,262144 --disable-features=PaintHolding --variations-seed-version --disable-logging --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\54326d1a-3cb8-4fe5-a297-0f535d09185b.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\taskkill.exe

taskkill /F /PID 3440

C:\Windows\system32\timeout.exe

timeout /T 2 /NOBREAK

Network


Files

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt

MD5 00dcaa881f754e13828bbf6b979257a7
SHA1 a83d4f94e107fe5389bb5e8ba6bb821580a65310
SHA256 1f5ae9c7f3c0793f477eb79ca6856d4d9884de9926ccb91df9d78ca7ab977d75
SHA512 e6b8ff34fb85c8737099d8ba0be1a8d32fc232c9c8bc2604531de8dfd363fae8ea795d9556b2c5736882a4d23733a36752a07972dd49a8a909ae31c3b692f3cf

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt

MD5 3c04a312f402f2a01fa3be4fadde2a09
SHA1 97872f69759f8044e73d39398df4f5e16e6721af
SHA256 1481bad22e8c792102be9b4a12aafccb5e6aec2f551daca956403f81cb7850c7
SHA512 b87e55d368fedf51787e5539b4be00f2d328cc0b8ded8eeb581ae28c269260da5db821a905b46d18d08ea026d75dbf5acb947283c88b70c7c85c31d1884fd375

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d94c46d7719a784ae00840130d3d4026
SHA1 1cff6c21e201c22965f00d8cc70c0e0881826fda
SHA256 f2c7ccb94f418daa70f2993d4b55295d2f962c8d8a02b5e27a61a44d6f38c320
SHA512 bab3f59c222d8e4dc557cbd050e2065782bfd00bd20eb06213d46513577fc8f968a766f2c9075a7770b5ca5373033f4f8767d795006713d2324fae659a935b64

\??\pipe\crashpad_912_YXSDBUZLDQWPCOYM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt

MD5 1e0598375aefaa3b8f4b26cc6954e9fa
SHA1 271d338ee55cead16df79c32305839f7e24a1c43
SHA256 784097c3e4e4332cb1e1ebc1df428bc54c4588a982afc10405cb0d37b4fee2df
SHA512 2a8f3c203b1f0bf812106aa658151f296e63ac158c4a0e051edae10bc3cdb2b1477722e705413e65c1e0552b446b23dd20aebebb8b2b2549e6e1baa8f5e5e38e

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt

MD5 7bcef92d68634eece4c2babd1ef67818
SHA1 2f01327227d7fc9fdc050b51f0b71004f4cca90c
SHA256 28fe7f53ea71ce46728da4033a1f66cb56835790d5ae651deabaa758191cd02c
SHA512 5365b61abd2d2cae5b084908fb0e75a421d982ac1e325ae8fcbb7301c52a32ad26ea5596420f747f69e175f8441f88e3d7e05c4c9bbbfaabd7ad7664da711439

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Process.txt

MD5 700013e83609bf751f9abc6ccc33df31
SHA1 485a60d34d171e41908122f45ce97f67a404b1f5
SHA256 a813c3195483520cd8af05daa754b638be824960faededc3321c6595d5a83f39
SHA512 6e828a7ba91e772364a4e99c98e037e1a78867abc26e3a42422a23872a60ffd83af0d15e2f8425efe3531c34e33dcbfa7c6035047d14025bbbed8b85ed0ebfbd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/3440-1518-0x00000241FE820000-0x00000241FE842000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 92c18abe51b50407db69747c06f2c8f7
SHA1 7e375d2a36a478bb7a54089469ec389a1f1e98fa
SHA256 5088d439162b7d349819637ecf3fd407b97648a4c5fb51d6ce9de45fb496e025
SHA512 8428389155f8c0fdafae1670d482425a13bc1a0829d102cbf74a63ebbcc672eec6ab45ea3c94295867145f513f2a50db8d3786f9891a72f706da4026e67fcbc1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 690f9d619434781cadb75580a074a84d
SHA1 9c952a5597941ab800cae7262842ab6ac0b82ab1
SHA256 fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1
SHA512 d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index~RFe5888a3.TMP

MD5 0f15e505c197785a1d1b50e3e5376db4
SHA1 23a14f9b2628d3611c3c194c60206f145ef7ef03
SHA256 7591155696323c5ad0745eec79ab0ae561c65a8dd1e85641850c871478797863
SHA512 d1633f0cc31f06fe219c0e8f967a139ccc3d0f7a061cff16b52c82c6390f0651d2017dfe40721cb559f10611428c8582fd27a754e85288bc8a56981fe1e6af6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\43777905-94d9-469f-bdca-c5a9e2858271\index-dir\the-real-index

MD5 d09ec6cd45c36816b6a408427a1e6db5
SHA1 e5832fd6b2fdb441bc6ee77d0a6b9b0fc8381e6b
SHA256 666857d2f23066237be6ee21dc3a6d8d8b6cc8606f78c56761288d312a8f6c8d
SHA512 d751ed8c5e8bd7605f759fc06eedc762c6f451231f490393903cb506ac408b8e5ae544357bb1791e000de114830623939016be7a725d58c16106a132e2af087a

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\Browsers\Microsoft Edge\Cookies.txt

MD5 bb7e8f9f1a76f581bd4e0f73ef391e76
SHA1 2be852cae8386b4ea6b97408a07df0c8272bded2
SHA256 b5ce15b32d8bfef0e674cbe5f3b5f83cf1a3b5f340ce5e9d498696333b15aaa1
SHA512 61f9674e54262bb3fd2f31273af50c0107ab16d4a0a1572ebad95ad3f3155f88e720e43a95ae244cb490da8a6043dab8d43f2561910ff43188ba961be07e52df

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\System\Apps.txt

MD5 f2a640d3dd6c363654908273ede6e94c
SHA1 79b93351400df4776b9f0cfb4ee3369d83b0a937
SHA256 0ba8dbdef4487b3afc802a9995cab8428d359c5550def7961c702f95c6dcb184
SHA512 6ebb593f7dadca51e61bca7dad689fd43767131cf83c8a80423444c37198327070e91535aee022fdb0fde5f403060ad02de8fe256df4a458a31d4444aa9bf790

memory/3440-1708-0x00000241FE7A0000-0x00000241FE7E4000-memory.dmp

memory/3440-1709-0x00000241FE850000-0x00000241FE86A000-memory.dmp

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\Admin@QQDZFYSF_en-US\Browsers\Firefox\Bookmarks.txt

MD5 70e1643c50773124c0e1dbf69c8be193
SHA1 0e2e6fd8d0b49dddf9ea59013a425d586cb4730c
SHA256 4fe3f09cb4d635df136ea45a11c05f74200fc6e855a75f9a27c0a0d32a2f632a
SHA512 664e5d9263c0137f841daeb3dff00010ffeb7291ed08ccf6d0483200cd6d6bd3c9d31ea7e67a9de6aac591397060d8f01e8469bbad67d8e2f1c3900ef24c3679

C:\Users\Admin\AppData\Local\55ac84080cb3bc44ca7ea7f78d54cef9\msgid.dat

MD5 a532400ed62e772b9dc0b86f46e583ff
SHA1 88a9d5a83b2b7e4bc74200cc205858df88a90f44
SHA256 bda584056eb9957d6c681e00079eff36fec289e2a0432a4221b95438dfef5ca4
SHA512 773177d079d116ceaa805896970513ad22d1516352e24529b852be76c992184e06c0efd48964e3062e8c2fa6a158b9de503e9c105a28367a73dfd8e8e796dfef

C:\Users\Admin\AppData\Local\Temp\54326d1a-3cb8-4fe5-a297-0f535d09185b.bat

MD5 671bffeab3591963df8e3ba94acf385c
SHA1 b3e69f84a1e5e288567d44aa9058a1d7e2b6818c
SHA256 ab46679466603737203746d33b672b5de7f89ab3a3c3662273499786d6c7299f
SHA512 c5d9b07aa9289ce20b7019d9cae7ea11e0a6f124de4bc4126daf68a976c1cd292aadd57fe5a4d7a6269f5a600712792c1bc530fce29a80139b8112c9365e2fa0

memory/3440-1798-0x00007FFE2AA70000-0x00007FFE2B531000-memory.dmp