23819.rar
The executable launches and frequently uses "Process Hollowing" to inject malicious code into legitimate Windows processes (like vbc.exe or RegAsm.exe).
Sending stolen logs to a hardcoded attacker-controlled email address.
FTP: Uploading data directly to a remote server.
Machine name, IP address, and hardware configurations.
As an Agent Tesla variant, its primary goal is stealing:
Login data from Outlook, Thunderbird, and Foxmail.
Ensure Windows is set to show file extensions so you can see if a "PDF" is actually an EXE.
Monitoring for copied passwords or crypto-wallet addresses.
Usernames and passwords from web browsers (Chrome, Firefox, Edge).