File name: 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin

Full analysis: https://app.any.run/tasks/b7263504-1025-48c1-8053-3005f236a343
Verdict: Malicious activity
Analysis date: July 09, 2025, 18:47:35
OS: Windows 11 Professional (build: 22000, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 641D47BF87D5AACA20C2AEC4A6915175
SHA1: DA7A7DC261E4303D2263EB220ACF82908340F2C4
SHA256: 11D630FFDFD5320E63B7FC7677CEB3C2402D76F72FC3B694ADA594E1B53B0A67
SSDEEP: 98304:5eYrTJJ3RFs4lBrZbp2h9moH3zLDBrCqGk+Koc+DIcZQOu+ljfmvTkK192YeSdVv:2oZNCGjPWybl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Executing a file with an untrusted certificate
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 3452)
    • DLL hijacking
      • msedgewebview2.exe (PID: 1776)
    • Scans artifacts that could help determine the target
      • msedgewebview2.exe (PID: 2888)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Process drops SQLite DLL files
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Creates a software uninstall entry
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Reads the Internet Settings
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • msedgewebview2.exe (PID: 2888)
    • Reads security settings of Internet Explorer
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • msedgewebview2.exe (PID: 2888)
    • Process drops legitimate Windows executable
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Application launched itself
      • msedgewebview2.exe (PID: 2888)
    • Reads settings of System Certificates
      • msedgewebview2.exe (PID: 2888)
  • INFO
    • Creates files in the program directory
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Creates files in a temporary directory
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • msedgewebview2.exe (PID: 2888)
    • Reads the computer name
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • PagarMate.exe (PID: 3228)
      • msedgewebview2.exe (PID: 2888)
      • msedgewebview2.exe (PID: 4332)
      • msedgewebview2.exe (PID: 1776)
    • Checks supported languages
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
      • PagarMate.exe (PID: 3228)
      • msedgewebview2.exe (PID: 5960)
      • msedgewebview2.exe (PID: 4332)
      • msedgewebview2.exe (PID: 1776)
      • msedgewebview2.exe (PID: 2888)
      • msedgewebview2.exe (PID: 4648)
      • msedgewebview2.exe (PID: 4780)
      • msedgewebview2.exe (PID: 2532)
    • The sample was compiled with English language support
      • 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe (PID: 1608)
    • Creates files or folders in the user directory
      • msedgewebview2.exe (PID: 5960)
      • PagarMate.exe (PID: 3228)
      • msedgewebview2.exe (PID: 2888)
      • msedgewebview2.exe (PID: 4332)
    • Checks proxy server information
      • msedgewebview2.exe (PID: 2888)
    • Reads Environment values
      • msedgewebview2.exe (PID: 2888)
    • Manual execution by a user
      • msedgewebview2.exe (PID: 2888)
    • Reads the software policy settings
      • msedgewebview2.exe (PID: 2888)
    • Reads the machine GUID from the registry
      • msedgewebview2.exe (PID: 2888)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:07:07 11:32:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.44
CodeSize: 510464
InitializedDataSize: 16998912
UninitializedDataSize: -
EntryPoint: 0x553c7
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Vxplore Technologies Private Limited
FileDescription: PagarMater Installer
FileVersion: 1.0.0.0
InternalName: PagarMate-Setup.exe
LegalCopyright: © 2025 Vxplore Technologies Private Limited. All rights reserved.
OriginalFileName: PagarMate-Setup.exe
ProductName: PagarMate-Setup
ProductVersion: 1.0.0.0
No data.
Total processes: 125
Monitored processes: 10
Malicious processes: 3
Suspicious processes: 1

Behavior graph

(Interactive process graph available in the full report. Nodes shown: start, 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe, pagarmate.exe, seven msedgewebview2.exe instances (five marked "no specs"), and a second 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe instance marked "no specs".)

Process information

PID: 1608
CMD: "C:\Users\admin\Desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe"
Path: C:\Users\admin\Desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe
Parent process: explorer.exe
User: admin
Company: Vxplore Technologies Private Limited
Integrity Level: HIGH
Description: PagarMater Installer
Exit code: 0
Version: 1.0.0.0
Modules (images): c:\users\admin\desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64base.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64con.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll
PID: 1776
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 --field-trial-handle=1864,i,8343544822031405146,12985492439882272293,131072 /prefetch:2
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 2532
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --js-flags=--ms-user-locale= --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1864,i,8343544822031405146,12985492439882272293,131072 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 2888
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --mojo-named-platform-channel-pipe=3228.832.15451881801788287600
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 3228
CMD: "C:\Program Files\Vxplore\PagarMate\PagarMate.exe"
Path: C:\Program Files\Vxplore\PagarMate\PagarMate.exe
Parent process: 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe
User: admin
Company: Vxplore Technologies Private Limited
Integrity Level: HIGH
Description: Employee tracking system for desktop
Version: 1.0.0.0
Modules (images): c:\program files\vxplore\pagarmate\pagarmate.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll, c:\windows\system32\gdi32full.dll, c:\program files\vxplore\pagarmate\webview2loader.dll
PID: 3452
CMD: "C:\Users\admin\Desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe"
Path: C:\Users\admin\Desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe
Parent process: explorer.exe
User: admin
Company: Vxplore Technologies Private Limited
Integrity Level: MEDIUM
Description: PagarMater Installer
Exit code: 3221226540
Version: 1.0.0.0
Modules (images): c:\users\admin\desktop\11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll
PID: 4332
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2096 --field-trial-handle=1864,i,8343544822031405146,12985492439882272293,131072 /prefetch:3
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 4648
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2364 --field-trial-handle=1864,i,8343544822031405146,12985492439882272293,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 4780
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=entity_extraction --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView" --webview-exe-name=PagarMate.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=4420 --field-trial-handle=1864,i,8343544822031405146,12985492439882272293,131072 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Exit code: 0
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
PID: 5960
CMD: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=103.0.5060.134 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=103.0.1264.77 --initial-client-data=0x130,0x134,0x138,0x10c,0x140,0x7ffc9910a0b8,0x7ffc9910a0c8,0x7ffc9910a0d8
Path: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Version: 103.0.1264.77
Modules (images): c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedgewebview2.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\program files (x86)\microsoft\edgewebview\application\103.0.1264.77\msedge_elf.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll
Total events: 10 657
Read events: 10 609
Write events: 45
Delete events: 3

Modification events

All registry writes below were made by (PID) Process: (1608) 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Vxplore\PagarMate
  Operation: write | Name: InstallPath | Value: C:\Program Files\Vxplore\PagarMate
  Operation: write | Name: Version | Value: 1.0.0
  Operation: write | Name: VersionCode | Value: 1

Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PagarMate
  Operation: write | Name: DisplayName | Value: 1.0.0
  Operation: write | Name: DisplayVersion | Value: 1.0.0
  Operation: write | Name: Publisher | Value: Vxplore Technologies Private Limited
  Operation: write | Name: InstallLocation | Value: C:\Program Files\Vxplore\PagarMate
  Operation: write | Name: UninstallString | Value: C:\Program Files\Vxplore\PagarMateUninstaller.exe
  Operation: write | Name: EstimatedSize | Value: 8698
  Operation: write | Name: DisplayIcon | Value: C:\Program Files\Vxplore\PagarMatePagarMate.exe
Executable files: 6
Suspicious files: 50
Text files: 28
Unknown types: 22

Dropped files

PID | Process | Filename | Type

1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMate\WebView2Loader.dll | executable
  MD5: E2F9D2EF3446E70B50DE50F577C6939E
  SHA256: A8A6CD8D6DF1F913671BCD96B6298B6F53FD066A84AE891E4D865BC1B8E8E9E4
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMate\libcurl-x64.dll | executable
  MD5: 3B3350CEAC1A9296CF396E10D8166761
  SHA256: F49E0F2AA68B7F0F5EAC0B17526A61A5C388CC1C45703182524270282EECA135
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMateUninstaller.exe | executable
  MD5: 641D47BF87D5AACA20C2AEC4A6915175
  SHA256: 11D630FFDFD5320E63B7FC7677CEB3C2402D76F72FC3B694ADA594E1B53B0A67
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Users\admin\AppData\Local\Temp\libcurl.dll | executable
  MD5: 72C71E12AB4E31560AE4647094056EAB
  SHA256: 9F1BD2C15825B2EF194E57375443D79CC45535501208B550538713D7ACE4AE00
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMate\curl-ca-bundle.crt | text
  MD5: 1A7DE82BB9F0FCC779CA18A7A9310898
  SHA256: 50A6277EC69113F00C5FD45F09E8B97A4B3E32DAA35D3A95AB30137A55386CEF
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMate\PagarMate.exe | executable
  MD5: C22346AB094CBF95F22E0E6799E7AB38
  SHA256: 417A1CB56018AEB3565EDD9E9598FFB917B77BCB4B643DCD258C7958CDBBC5BB
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Program Files\Vxplore\PagarMate\sqlite3.dll | executable
  MD5: FEFD15A491423C4C727BC45682828A81
  SHA256: 08FB666EDE60EE2A3374D2880BC827AC3CE5E2E888BEA253088A56C81B7E6636
2888 | msedgewebview2.exe | C:\Users\admin\AppData\Local\Vxplore\PagarMate\webview\EBWebView\Crashpad\throttle_store.dat | text
  MD5: 9E4E94633B73F4A7680240A0FFD6CD2C
  SHA256: 41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\ProgramData\Microsoft\Windows\Start Menu\ProgramsPagarMate\PagarMate.lnk | lnk
  MD5: 80727D3CCE1BE2A6443914604C27CC90
  SHA256: 5DDC98AEBBD8B9E78EFCED05E6750F4D62891E5534EF32DAF6C7166ACEC360A5
1608 | 11d630ffdfd5320e63b7fc7677ceb3c2402d76f72fc3b694ada594e1b53b0a67.bin.exe | C:\Users\admin\Desktop\PagarMate.lnk | lnk
  MD5: EF2663989B5567E99664689422503622
  SHA256: 70B7DA77F6628DF062031C799D8FE7C8B147BE946EFB6F635DF944EE7A8AB4A9
HTTP(S) requests: 4
TCP/UDP connections: 28
DNS requests: 22
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
3960 | MoUsoCoreWorker.exe | GET | 304 | 208.89.74.23:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9fbc3d85a60e9ac6 | unknown | whitelisted
6640 | firefox.exe | POST | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/ | unknown | whitelisted
1340 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1524 | svchost.exe | GET | 200 | 2.18.64.212:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | whitelisted

(Type and Size columns are not present in this export.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
2924 | OfficeC2RClient.exe | 52.109.76.240:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 52.109.76.240:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1524 | svchost.exe | 2.18.64.200:80 | - | Administracion Nacional de Telecomunicaciones | UY | unknown
700 | pingsender.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
2860 | svchost.exe | 13.89.179.8:443 | v20.events.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
4628 | rundll32.exe | 51.104.136.2:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6640 | firefox.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
6640 | firefox.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | unknown

(- = field not present in this export.)

DNS requests

Domain | IP | Reputation
officeclient.microsoft.com | 52.109.76.240 | whitelisted
incoming.telemetry.mozilla.org | 34.120.208.123 | whitelisted
v20.events.data.microsoft.com | 13.89.179.8 | whitelisted
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
e3913.cd.akamaiedge.net | 2.17.190.73 | unknown
google.com | 142.250.186.78 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ctldl.windowsupdate.com | 208.89.74.23, 208.89.74.31, 208.89.74.27, 208.89.74.29, 208.89.74.21, 208.89.74.17, 208.89.74.19 | whitelisted
login.live.com | 20.190.159.73, 40.126.31.71, 20.190.159.128, 40.126.31.67, 40.126.31.131, 40.126.31.73, 40.126.31.128, 40.126.31.3 | whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
1524 | svchost.exe | Misc activity | ET INFO Microsoft Connection Test

(- = field not present in this export.)
Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Vxplore\PagarMate directory exists )
PagarMate.exe | {"dx":0,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":2,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":14,"dy":-3,"type":"drag"}
PagarMate.exe | {"dx":0,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":0,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":66,"dy":-2,"type":"drag"}
PagarMate.exe | {"dx":8,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":0,"dy":0,"type":"drag"}
PagarMate.exe | {"dx":125,"dy":0,"type":"drag"}